CVE-2026-0965

EUVD-2026-16328
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
libsshlibssh
𝑥
≤ 0.11.3
redhatenterprise_linux
9.0
redhatenterprise_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libssh
bookworm
no-dsa
bookworm (security)
vulnerable
bullseye
postponed
bullseye (security)
vulnerable
forky
0.12.0-3
fixed
sid
0.12.0-3
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libssh-config
suse enterprise desktop 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise server 15 SP4
0.9.8-150400.3.17.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.11.9.1
fixed
libssh-devel
suse enterprise desktop 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise server 15 SP4
0.9.8-150400.3.17.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.11.9.1
fixed
libssh4
suse enterprise desktop 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise server 15 SP4
0.9.8-150400.3.17.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.11.9.1
fixed
libssh4-32bit
suse enterprise desktop 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise sap 15 SP7
0.9.8-150600.11.9.1
fixed
suse enterprise server 15 SP4
0.9.8-150400.3.17.1
fixed
suse enterprise server 15 SP7
0.9.8-150600.11.9.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libssh
RHEL 9
0:0.10.4-18.el9
fixed
libssh-config
RHEL 9
0:0.10.4-18.el9
fixed
libssh-devel
RHEL 9
0:0.10.4-18.el9
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
libssh
Amazon Linux 2023
0:0.10.6-1.amzn2023.0.8
fixed
libssh-config
Amazon Linux 2023
0:0.10.6-1.amzn2023.0.8
fixed
libssh-debuginfo
Amazon Linux 2023
0:0.10.6-1.amzn2023.0.8
fixed
libssh-debugsource
Amazon Linux 2023
0:0.10.6-1.amzn2023.0.8
fixed
libssh-devel
Amazon Linux 2023
0:0.10.6-1.amzn2023.0.8
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libssh
Azure Linux 3.0
0:0.10.6-7.azl3
fixed
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2026:18160
https://access.redhat.com/errata/RHSA-2026:18683
https://access.redhat.com/security/cve/CVE-2026-0965
https://bugzilla.redhat.com/show_bug.cgi?id=2436980