CVE-2026-7598
Awaiting Analysis Awaiting Analysis - Queue
Integer Overflow in libssh2 via userauth_password

Publication date: 2026-05-01

Last updated on: 2026-05-07

Assigner: VulDB

Description
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-01
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7598
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libssh2 libssh2 to 1.11.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-189
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in libssh2 versions up to 1.11.1, specifically in the function userauth_password within the file src/userauth.c.

The issue arises due to manipulation of the arguments username_len and password_len, which leads to an integer overflow.

An attacker can exploit this vulnerability remotely.

A patch identified by the commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1 has been released to fix this issue.

Impact Analysis

Exploitation of this vulnerability can lead to security risks due to the integer overflow in the authentication function.

Since the vulnerability can be triggered remotely, an attacker might be able to compromise the authentication process.

This could potentially allow unauthorized access or other malicious actions depending on the context in which libssh2 is used.

Mitigation Strategies

To mitigate this vulnerability, you should apply the patch named 256d04b60d80bf1190e96b0ad1e91b2174d744b1 to the libssh2 library.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7598. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart