Critical libssh2 CVE-2026-55200 PoC Released; Integer Overflow Enables Client RCE
Public proof-of-concept released for CVE-2026-55200, a critical integer overflow in libssh2 affecting all versions through 1.11.1 that allows malicious SSH servers to trigger memory corruption and code execution on connecting clients.
Attack Brief
Targetlibssh2 SSH client libraryVectorInteger overflow to buffer overflow in SSH packet length parsing (CWE-680)Attributionresearcher disclosure
Technical Details
CVE IDsCVE-2026-55200MITRE ATT&CKT1190Affectedlibssh2 versions up to and including 1.11.1
Impact
Confirmed DamageOut-of-bounds heap write enabling remote code execution on SSH clients connecting to malicious or compromised SSH servers; affects curl, Git, PHP, backup agents, firmware updaters, and embedded appliances
Mitigation
PatchesPatch merged in pull request #2052 on June 12, 2026; adds upper bound check on packet_length field before arithmetic calculationDetectionCISA exploitation rating currently none; no in-the-wild exploitation reported as of publication
Context
Similar AttacksCVE-2019-3855 (2019): near-identical integer overflow in libssh2 transport read function allowing malicious server code execution on connecting client