CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 32.6%

CVSS Severity

CVSS v3 Score 5.9

References

Products affected by CVE-2026-55199

Libssh2 » Libssh2 » Version: N/A

cpe:2.3:a:libssh2:libssh2:-
Libssh2 » Libssh2 » Version: 0.1

cpe:2.3:a:libssh2:libssh2:0.1
Libssh2 » Libssh2 » Version: 0.10

cpe:2.3:a:libssh2:libssh2:0.10
Libssh2 » Libssh2 » Version: 0.11

cpe:2.3:a:libssh2:libssh2:0.11
Libssh2 » Libssh2 » Version: 0.12

cpe:2.3:a:libssh2:libssh2:0.12
Libssh2 » Libssh2 » Version: 0.13

cpe:2.3:a:libssh2:libssh2:0.13
Libssh2 » Libssh2 » Version: 0.14

cpe:2.3:a:libssh2:libssh2:0.14
Libssh2 » Libssh2 » Version: 0.15

cpe:2.3:a:libssh2:libssh2:0.15
Libssh2 » Libssh2 » Version: 0.16

cpe:2.3:a:libssh2:libssh2:0.16
Libssh2 » Libssh2 » Version: 0.17

cpe:2.3:a:libssh2:libssh2:0.17
Libssh2 » Libssh2 » Version: 0.18

cpe:2.3:a:libssh2:libssh2:0.18
Libssh2 » Libssh2 » Version: 0.3

cpe:2.3:a:libssh2:libssh2:0.3
Libssh2 » Libssh2 » Version: 0.5

cpe:2.3:a:libssh2:libssh2:0.5
Libssh2 » Libssh2 » Version: 0.6

cpe:2.3:a:libssh2:libssh2:0.6
Libssh2 » Libssh2 » Version: 0.7

cpe:2.3:a:libssh2:libssh2:0.7
Libssh2 » Libssh2 » Version: 0.8

cpe:2.3:a:libssh2:libssh2:0.8
Libssh2 » Libssh2 » Version: 1.0

cpe:2.3:a:libssh2:libssh2:1.0
Libssh2 » Libssh2 » Version: 1.1

cpe:2.3:a:libssh2:libssh2:1.1
Libssh2 » Libssh2 » Version: 1.10.0

cpe:2.3:a:libssh2:libssh2:1.10.0
Libssh2 » Libssh2 » Version: 1.2

cpe:2.3:a:libssh2:libssh2:1.2
Libssh2 » Libssh2 » Version: 1.2.1

cpe:2.3:a:libssh2:libssh2:1.2.1
Libssh2 » Libssh2 » Version: 1.2.2

cpe:2.3:a:libssh2:libssh2:1.2.2
Libssh2 » Libssh2 » Version: 1.2.3

cpe:2.3:a:libssh2:libssh2:1.2.3
Libssh2 » Libssh2 » Version: 1.2.4

cpe:2.3:a:libssh2:libssh2:1.2.4
Libssh2 » Libssh2 » Version: 1.2.5

cpe:2.3:a:libssh2:libssh2:1.2.5
Libssh2 » Libssh2 » Version: 1.2.6

cpe:2.3:a:libssh2:libssh2:1.2.6
Libssh2 » Libssh2 » Version: 1.2.7

cpe:2.3:a:libssh2:libssh2:1.2.7
Libssh2 » Libssh2 » Version: 1.2.8

cpe:2.3:a:libssh2:libssh2:1.2.8
Libssh2 » Libssh2 » Version: 1.2.9

cpe:2.3:a:libssh2:libssh2:1.2.9
Libssh2 » Libssh2 » Version: 1.3.0

cpe:2.3:a:libssh2:libssh2:1.3.0
Libssh2 » Libssh2 » Version: 1.4.0

cpe:2.3:a:libssh2:libssh2:1.4.0
Libssh2 » Libssh2 » Version: 1.4.1

cpe:2.3:a:libssh2:libssh2:1.4.1
Libssh2 » Libssh2 » Version: 1.4.2

cpe:2.3:a:libssh2:libssh2:1.4.2
Libssh2 » Libssh2 » Version: 1.4.3

cpe:2.3:a:libssh2:libssh2:1.4.3
Libssh2 » Libssh2 » Version: 1.5.0

cpe:2.3:a:libssh2:libssh2:1.5.0
Libssh2 » Libssh2 » Version: 1.6.0

cpe:2.3:a:libssh2:libssh2:1.6.0
Libssh2 » Libssh2 » Version: 1.7.0

cpe:2.3:a:libssh2:libssh2:1.7.0
Libssh2 » Libssh2 » Version: 1.8.0

cpe:2.3:a:libssh2:libssh2:1.8.0
Libssh2 » Libssh2 » Version: 1.8.1

cpe:2.3:a:libssh2:libssh2:1.8.1
Libssh2 » Libssh2 » Version: 1.8.2

cpe:2.3:a:libssh2:libssh2:1.8.2
Libssh2 » Libssh2 » Version: 1.9.0

cpe:2.3:a:libssh2:libssh2:1.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-55199

Products

Pricing

Contact Us