CVE-2026-0965
Arbitrary File Access Flaw in libssh Causes Denial of Service
Publication date: 2026-03-26
Last updated on: 2026-04-02
Assigner: Red Hat, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux | 10.0 |
| libssh | libssh | up to 0.11.3 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-73 | The product allows user input to control or influence paths or file names that are used in filesystem operations. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-0965 is a vulnerability in libssh where the software attempts to open arbitrary files during configuration parsing without restricting the file types. This means that if a local attacker provides a malicious configuration file or if the system is misconfigured, libssh might open dangerous files such as block devices, FIFOs, named pipes, or very large system files.
This improper handling can lead to a Denial of Service (DoS) condition because accessing these files can disrupt normal operations.
The vulnerability affects all configuration files loaded from default locations or parsed via specific libssh functions, including those included directly or through glob wildcards.
The fix for this issue involves restricting libssh to read only regular files and enforcing a maximum configuration file size limit of 16 MB.
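The two checks described above (regular files only, 16 MB cap), written out in C as an added example; this is not libssh's patch and not code from this page. The names `open_config_checked` and `CONFIG_MAX_SIZE` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* 16 MB cap named on this page; the macro name is hypothetical. */
#define CONFIG_MAX_SIZE (16L * 1024 * 1024)

/* Hypothetical helper (added example, not libssh code): returns a FILE* only
 * for a regular file of at most CONFIG_MAX_SIZE bytes, else NULL with errno. */
FILE *open_config_checked(const char *path)
{
    struct stat sb;
    FILE *fp;
    /* O_NONBLOCK keeps open() from hanging on a FIFO that has no writer. */
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return NULL;
    /* fstat() the descriptor, not the path: what is checked is what is read. */
    if (fstat(fd, &sb) != 0)
        goto fail;
    if (!S_ISREG(sb.st_mode)) {          /* device, FIFO, socket, directory */
        errno = EINVAL;
        goto fail;
    }
    if (sb.st_size > CONFIG_MAX_SIZE) {  /* oversized file */
        errno = EFBIG;
        goto fail;
    }
    fp = fdopen(fd, "r");
    if (fp != NULL)
        return fp;
fail: {
        int saved = errno;               /* close() may overwrite errno */
        close(fd);
        errno = saved;
    }
    return NULL;
}
int main(int argc, char **argv)
{
    FILE *fp = open_config_checked(argc > 1 ? argv[1] : "/dev/null");
    if (fp == NULL) { perror("rejected"); return 1; }
    fclose(fp);
    puts("accepted");
    return 0;
}
```

The size check reflects the file at open time only; a reader that must tolerate a file growing afterwards should also cap the number of bytes it consumes.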
How can this vulnerability impact me?
This vulnerability can impact you by causing a Denial of Service (DoS) on systems using libssh. If exploited, the system may attempt to open inappropriate or dangerous files during configuration parsing, which can disrupt normal operations and potentially make the service unavailable.
Since the vulnerability requires local access or a misconfiguration to be exploited, it primarily affects environments where untrusted users can supply configuration files or where configuration files are not properly controlled.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking for the presence of malicious or misconfigured libssh configuration files that attempt to open arbitrary or non-regular files such as block devices, FIFOs, named pipes, or very large system files.
You can inspect the configuration files loaded by libssh, including those parsed by the functions ssh_config_parse_file() and ssh_bind_config_parse_file(), as well as any included files or those matched by glob wildcards.
Suggested commands to detect suspicious configuration files include:
- Find configuration files larger than 16 MB (the maximum allowed size): `find /etc/ssh -type f -size +16M`
- Check for symbolic links, block devices, FIFOs, or named pipes in configuration directories: `find /etc/ssh \( -type b -o -type p -o -type l \)`
- Review the contents of configuration files for suspicious include directives or unusual file references.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting libssh to read only regular files and enforcing a maximum configuration file size limit of 16 MB.
Ensure that all libssh configuration files are properly validated and do not include or reference block devices, FIFOs, named pipes, or very large files.
Apply any available patches or updates that implement these restrictions and fixes.
Review and sanitize all configuration files to remove or correct any malicious or misconfigured entries.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.