9.8
CRITICAL CVSS 3.1
CVE-2026-55200
libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c
Description

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.

INFO

Published Date :

June 17, 2026, 8:17 p.m.

Last Modified :

July 1, 2026, 5:16 a.m.

Remotely Exploit :

Yes !
Affected Products

The following products are affected by CVE-2026-55200 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Libssh2 libssh2
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 134c704f-9b21-4f2e-91b3-4a467353bcc0
CVSS 3.1 HIGH 83251b91-4cc7-4094-a5c7-464a1b83ea10
CVSS 3.1 HIGH [email protected]
CVSS 3.1 CRITICAL [email protected]
CVSS 3.1 HIGH [email protected]
CVSS 4.0 CRITICAL 83251b91-4cc7-4094-a5c7-464a1b83ea10
CVSS 4.0 CRITICAL [email protected]
Solution
Update libssh2 to a version that addresses the out-of-bounds write vulnerability.
  • Update libssh2 to a patched version.
  • Apply the fix from commit 7acf3df.
  • Validate packet length checks.
Public PoC/Exploit Available at Github

CVE-2026-55200 has a 18 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2026-55200 is associated with the following CWEs:

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

None

Python C Shell JavaScript Java C# HTML C++ PHP Assembly

Updated: 3 days, 17 hours ago
0 stars 0 fork 0 watcher
Born at : July 4, 2026, 4:03 a.m. This repo has been linked 1 different CVEs too.

None

Updated: 5 days, 21 hours ago
0 stars 0 fork 0 watcher
Born at : July 2, 2026, 12:24 a.m. This repo has been linked 1 different CVEs too.

None

C

Updated: 4 days, 20 hours ago
0 stars 0 fork 0 watcher
Born at : July 2, 2026, 12:19 a.m. This repo has been linked 1 different CVEs too.

exploitarium

Python C Shell JavaScript Java C# C++ PHP Rust Batchfile

Updated: 1 week ago
0 stars 1 fork 1 watcher
Born at : June 30, 2026, 7:55 a.m. This repo has been linked 1 different CVEs too.

Get safe, and straight

Python C Shell JavaScript Java C# C++ PHP Rust Batchfile

Updated: 1 week, 1 day ago
1 stars 0 fork 0 watcher
Born at : June 29, 2026, 8:01 p.m. This repo has been linked 1 different CVEs too.

None

Python C Shell JavaScript Java C# C++ PHP Rust Batchfile

Updated: 1 week, 1 day ago
0 stars 0 fork 0 watcher
Born at : June 29, 2026, 12:15 p.m. This repo has been linked 1 different CVEs too.

CVE-2026-55200 - Critical libssh2 Remote Code Execution Vulnerability

C

Updated: 6 days, 5 hours ago
2 stars 1 fork 1 watcher
Born at : June 29, 2026, 12:11 p.m. This repo has been linked 1 different CVEs too.

test

Shell JavaScript C++ Python C PHP Java C# Rust Batchfile

Updated: 1 week ago
2 stars 11 fork 11 watcher
Born at : June 29, 2026, 12:08 p.m. This repo has been linked 1 different CVEs too.

None

Python C Shell JavaScript Java C# C++ PHP Rust Batchfile

Updated: 5 days, 12 hours ago
68 stars 124 fork 124 watcher
Born at : June 29, 2026, 10:03 a.m. This repo has been linked 1 different CVEs too.

KQL detection rules for Microsoft Sentinel and Defender XDR covering the bikini/exploitarium anonymous disclosure — a personal research archive of 15+ distinct vulnerability targets across 109+ tracked files, released without vendor notification on June 23, 2026.

kql threat-detection threat-hunting threat-intelligence

Updated: 4 days, 19 hours ago
36 stars 26 fork 26 watcher
Born at : June 28, 2026, 9:36 p.m. This repo has been linked 4 different CVEs too.

Structured, machine-readable corpus of 23 real-world vulnerabilities — metadata, CWE, root cause, exploit primitive & discovery methodology — distilled from public Exploitarium PoC research. For defensive/educational use.

corpus cwe dataset exploit-database infosec security security-research vulnerability-research

Python

Updated: 1 week, 2 days ago
0 stars 0 fork 0 watcher
Born at : June 27, 2026, 11:21 p.m. This repo has been linked 1 different CVEs too.

Daily tech-watch digest (AI, dev, DevOps, data, cloud). Auto-published from my watch on baptisteblouin.fr

ai artificial-intelligence automation cloud cloudflare-workers data-engineering devops digest github-actions llm machine-learning mlops newsletter rss tech-news tech-watch ai-news

JavaScript

Updated: 5 days, 15 hours ago
1 stars 0 fork 0 watcher
Born at : June 27, 2026, 8:41 a.m. This repo has been linked 3 different CVEs too.

Loginsoft Vulnerability Intelligence (LOVI)

Updated: 4 days, 15 hours ago
0 stars 0 fork 0 watcher
Born at : June 24, 2026, 9:23 a.m. This repo has been linked 5 different CVEs too.

CVE-2026-55200

C

Updated: 1 week, 5 days ago
8 stars 1 fork 1 watcher
Born at : June 23, 2026, 9:13 p.m. This repo has been linked 1 different CVEs too.

A single archive of public exploit PoCs and vulnerability research writeups. At the time I post these, none have been reported. Feel free to report them yourself and take credit for the CVE if handed out lulz

Python Shell Java C# JavaScript C++ C Batchfile Rust PHP

Updated: 1 week, 4 days ago
65 stars 13 fork 13 watcher
Born at : June 23, 2026, 5:14 a.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2026-55200 vulnerability anywhere in the article.

  • The Hacker News
Suspected China-Aligned Hackers Exploit Roundcube Flaws Against Universities

A suspected China-aligned threat activity cluster has been observed exploiting Roundcube webmail software belonging to physics and engineering departments of U.S. and Canadian universities as part of ... Read more

Published Date: Jul 07, 2026 (12 hours, 43 minutes ago)
  • The Hacker News
CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware

Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' w ... Read more

Published Date: Jul 07, 2026 (15 hours, 13 minutes ago)
  • The Hacker News
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthent ... Read more

Published Date: Jul 07, 2026 (16 hours, 37 minutes ago)
  • The Hacker News
Iran-Linked Hackers Use New Cavern C2 Framework to Target Israeli Organizations

An Iranian hacking group affiliated with Iran's Ministry of Intelligence and Security (MOIS) has been wielding a previously undocumented modular command-and-control (C2) framework dubbed Cavern (aka C ... Read more

Published Date: Jul 06, 2026 (1 day, 3 hours ago)
  • The Hacker News
16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-202 ... Read more

Published Date: Jul 06, 2026 (1 day, 4 hours ago)
  • The Hacker News
Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 (CVSS scor ... Read more

Published Date: Jul 06, 2026 (1 day, 5 hours ago)
  • The Hacker News
Unpatched Flaws Disclosed in Filesystem Bundled Into Millions of Embedded Devices

Security firm runZero has disclosed seven vulnerabilities in FatFs, a small filesystem library that lets a device read and write the FAT and exFAT formats used on USB drives and SD cards. The flaws ma ... Read more

Published Date: Jul 03, 2026 (4 days, 1 hour ago)
  • The Hacker News
New "Bad Epoll" Linux Kernel Flaw Lets Unprivileged Users Gain Root, Hits Android

A newly disclosed Linux kernel flaw called Bad Epoll (CVE-2026-46242) lets an ordinary user with no special access take full control of a machine as root. It affects Linux desktops, servers, and Andro ... Read more

Published Date: Jul 03, 2026 (4 days, 2 hours ago)
  • The Hacker News
New Avalon Malware Framework Packs CrownX Ransomware Capabilities

Cybersecurity researchers have discovered a previously undocumented modular malware framework codenamed Avalon that's distributed by means of a multi-stage phishing chain capable of bypassing traditio ... Read more

Published Date: Jul 03, 2026 (4 days, 2 hours ago)
  • The Hacker News
Armored Likho Targets Government Agencies, Power Sector with BusySnake Stealer

A previously undocumented threat actor known as Armored Likho has been attributed to cyber attacks targeting government agencies and the electric power sector across Russia, Brazil, and Kazakhstan. "A ... Read more

Published Date: Jul 03, 2026 (4 days, 8 hours ago)
  • TheCyberThrone
Google Chrome 150 Security Update: 382 Vulnerabilities Fixed

Google has released Chrome 150, delivering one of its most extensive security patch cycles of 2026. The update addresses 382 vulnerabilities, including 15 critical flaws, reinforcing a pattern the sec ... Read more

Published Date: Jul 01, 2026 (6 days, 5 hours ago)
  • TheCyberThrone
CVE-2026-48558: SimpleHelp OIDC Flaw Added to KEV

Authentication systems are built on trust.But when that trust is broken at the protocol layer, the entire security model collapses.That is exactly what happened with CVE-2026-48558, a critical vulnera ... Read more

Published Date: Jun 30, 2026 (1 week ago)
  • TheCyberThrone
CVE-2026-55200: Critical libssh2 Flaw Opens Remote Code Execution Path

The SSH protocol is one of the most trusted pillars of secure remote communication. But when the library underneath it breaks, the blast radius can be significant.A newly disclosed vulnerability, libs ... Read more

Published Date: Jun 29, 2026 (1 week, 1 day ago)
  • The Hacker News
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code ... Read more

Published Date: Jun 29, 2026 (1 week, 1 day ago)

The following table lists the changes that have been made to the CVE-2026-55200 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jul. 01, 2026

    Action Type Old Value New Value
    Changed SSVC {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T03:55:25.101376Z'} {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-17T00:00:00+00:00'}
  • Modified Analysis by [email protected]

    Jun. 30, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L
    Removed CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added Reference Type CISA-ADP: https://web.archive.org/web/20260623211210/https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc Types: Exploit, Third Party Advisory
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 30, 2026

    Action Type Old Value New Value
    Added Reference https://web.archive.org/web/20260623211210/https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc
    Removed Reference https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc
    Removed Reference Type https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc Types: Patch
    Changed SSVC {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-17T00:00:00+00:00'} {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-25T03:55:25.101376Z'}
  • Initial Analysis by [email protected]

    Jun. 26, 2026

    Action Type Old Value New Value
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CPE Configuration OR *cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:* versions up to (including) 1.11.1
    Added Reference Type VulnCheck: https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8 Types: Patch
    Added Reference Type VulnCheck: https://github.com/libssh2/libssh2/pull/2052 Types: Patch
    Added Reference Type VulnCheck: https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c Types: Third Party Advisory
    Added Reference Type CISA-ADP: https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc Types: Patch
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 25, 2026

    Action Type Old Value New Value
    Changed SSVC {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-24T15:29:08.618049Z'} {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-17T00:00:00+00:00'}
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 24, 2026

    Action Type Old Value New Value
    Added Reference https://github.com/bikini/exploitarium/tree/main/libssh2-cve-2026-55200-poc
    Changed SSVC {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-17T00:00:00+00:00'} {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'poc'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-24T15:29:08.618049Z'}
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 18, 2026

    Action Type Old Value New Value
    Changed SSVC {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-17T19:44:55.448374Z'} {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-17T00:00:00+00:00'}
  • New CVE Received by [email protected]

    Jun. 17, 2026

    Action Type Old Value New Value
    Added Affected [{'repo': 'https://github.com/libssh2/libssh2', 'vendor': 'libssh2', 'product': 'libssh2', 'versions': [{'status': 'affected', 'version': '0', 'versionType': 'semver', 'lessThanOrEqual': '1.11.1'}, {'status': 'unaffected', 'version': '7acf3dfda80c91c3a8c9f2372546301d4a1a7a8', 'versionType': 'git'}], 'defaultStatus': 'unaffected'}]
    Added Description libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2_transport_read() that fails to enforce upper bounds on packet_length field. Remote attackers can send crafted SSH packets with excessively large packet_length values to corrupt heap memory and achieve remote code execution.
    Added CVSS V4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
    Added CVSS V3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-680
    Added Reference https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8
    Added Reference https://github.com/libssh2/libssh2/pull/2052
    Added Reference https://www.vulncheck.com/advisories/libssh2-out-of-bounds-write-via-unchecked-packet-length-in-transport-c
  • CVE Modified by 134c704f-9b21-4f2e-91b3-4a467353bcc0

    Jun. 17, 2026

    Action Type Old Value New Value
    Added SSVC {'id': 'CVE-2026-55200', 'role': 'CISA Coordinator', 'options': [{'exploitation': 'none'}, {'automatable': 'no'}, {'technicalImpact': 'total'}], 'version': '2.0.3', 'timestamp': '2026-06-17T19:44:55.448374Z'}
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.