CVE-2026-0968
Modified Modified - Updated After Analysis
Heap-Based Buffer Overflow in libssh SFTP Causes DoS

Publication date: 2026-03-26

Last updated on: 2026-05-19

Assigner: Red Hat, Inc.

Description
A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-26
Last Modified
2026-05-19
Generated
2026-06-16
AI Q&A
2026-03-26
EPSS Evaluated
2026-06-15
NVD
CVE-2026-0968
EUVD
EUVD-2026-16335
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
redhat enterprise_linux 9.0
redhat enterprise_linux 10.0
libssh libssh to 0.11.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

To mitigate this vulnerability, it is recommended to update libssh to a version where this issue is fixed. Since the vulnerability allows a denial of service via malformed SFTP messages, avoiding connections to untrusted or malicious SFTP servers can reduce risk.

Additionally, monitoring for application crashes related to libssh during SFTP file listing operations may help identify exploitation attempts.

Executive Summary

This vulnerability exists in libssh where a malicious SFTP server can send a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation.

Because libssh lacks a null pointer check for this field, it can cause the software to read beyond the allocated memory on the heap.

This out-of-bounds read can lead to unexpected behavior or cause the application to crash, resulting in a denial of service (DoS).

Impact Analysis

The primary impact of this vulnerability is that it can cause denial of service (DoS) by crashing applications that use libssh when interacting with a malicious SFTP server.

This means that systems relying on libssh for SFTP operations could become unavailable or unstable if exploited.

The severity is considered low, but it can disrupt services that depend on stable SSH file transfer functionality.

Detection Guidance

This vulnerability involves a malformed 'longname' field within the SSH_FXP_NAME message sent by a malicious SFTP server, which can cause libssh clients to crash or behave unexpectedly.

To detect this vulnerability on your system, you can monitor for crashes or denial of service symptoms in applications using libssh when connecting to SFTP servers.

Network detection could involve capturing and analyzing SFTP traffic for malformed SSH_FXP_NAME messages with suspiciously malformed 'longname' fields.

However, no specific detection commands or signatures are provided in the available resources.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-0968. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart