Cybernews
Critical Vulnerabilities Found in libssh2 SSH Library
Two critical vulnerabilities have been identified in libssh2, an SSH library used in millions of systems. The vulnerabilities, CVE-2026-55200 and CVE-2026-55199, allow remote code execution and denial-of-service attacks without user interaction. Affected versions include 1.11.1 and earlier. Attackers can exploit these flaws by sending crafted SSH packets to vulnerable systems. The first vulnerability has a severity score of 9.2, while the second has a score of 8.2. Patches are available in the form of GitHub commits, but an official release has not yet been made. Many Linux distributions are working to backport the fixes. The potential impact is significant, as libssh2 is widely used in sensitive applications, including network management and IoT devices.
Key Points:
• Two critical vulnerabilities in libssh2 allow remote code execution and DoS attacks.
• Affected versions include 1.11.1 and earlier; patches are available but not yet officially released.
• The vulnerabilities could impact millions of systems globally, including IoT devices and servers.