Multiple CVEs Discovered in Mageia's libssh Affecting Resource Management

Mageia has reported several vulnerabilities in its libssh implementation, with the most recent advisories detailing five new CVEs (CVE-2026-0964 to CVE-2026-0968) published on March 26, 2026. These vulnerabilities include improper sanitation of paths from SCP servers, potential resource exhaustion, and memory corruption risks. The earlier advisory (CVE-2025-4877 to CVE-2025-5987) from June 10, 2026, highlighted issues like double free errors and invalid return codes. Affected systems include Mageia 9 with libssh version 0.10.6. The vulnerabilities could potentially allow attackers to exploit misconfigurations or malformed inputs, leading to denial of service or memory corruption. Users are advised to update their systems to mitigate these risks. The advisories emphasize the importance of proper configuration and input validation in secure communications.

Key Points: • Five new CVEs related to libssh were published on March 26, 2026. • Vulnerabilities include resource exhaustion and memory corruption risks. • Users of Mageia 9 with libssh version 0.10.6 are urged to update their systems.