CVE-2026-48107
Heap-based Buffer Overflow in Russh SSH Client Library

Publication date: 2026-06-10

Last updated on: 2026-06-10

Assigner: GitHub, Inc.

Description
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::with_capacity(...) before validating that enough prompt data was actually present in the packet. This issue has been patched in version 0.61.0.
Meta Information
Published: 2026-06-10
Last Modified: 2026-06-10
Generated: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: russh
Product: russh
Version / Range: up to 0.61.0 (excluding 0.61.0)
CWE
CWE-20: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Executive Summary

This vulnerability exists in the russh Rust SSH client library versions from 0.37.0 up to but not including 0.61.0. It occurs in the keyboard-interactive authentication process, where a malicious SSH server can send a USERAUTH_INFO_REQUEST message with a crafted prompt count. The russh client uses this attacker-controlled prompt count directly to allocate memory (using Vec::with_capacity) without first verifying that the packet contains enough prompt data. The result is an allocation whose size is chosen by the server rather than bounded by the data actually received.

Impact Analysis

The vulnerability can impact users by causing a denial of service (DoS) condition. Since the client allocates memory based on an unvalidated prompt count, a malicious SSH server could exploit this to cause the client application to crash or behave unexpectedly. According to the CVSS score, the impact is rated as having high availability impact but no confidentiality or integrity impact.

Mitigation Strategies

To mitigate this vulnerability, upgrade the russh client library to version 0.61.0 or later, where the issue has been patched.
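The defensive pattern behind this class of fix, as an added example that is not russh's code and not its actual patch: a decoder for SSH_MSG_USERAUTH_INFO_REQUEST (field layout per RFC 4256 section 3.2) that bounds the server-declared num-prompts by the bytes still present in the packet before it is ever passed to Vec::with_capacity. All type and function names (Reader, parse_info_request, encode_info_request, crafted_packet, ParseError) are this example's own, and the packets are constructed inline, not captured from a real server.

```rust
// Added example, not russh's code: parse SSH_MSG_USERAUTH_INFO_REQUEST (RFC 4256 s3.2)
// and check the declared prompt count against the remaining bytes before allocating.

const SSH_MSG_USERAUTH_INFO_REQUEST: u8 = 60;

/// Smallest encoding of one prompt: a 4-byte length prefix for an empty
/// prompt string plus the 1-byte echo flag.
const MIN_PROMPT_BYTES: usize = 5;

#[derive(Debug, PartialEq)]
pub struct Prompt { pub text: String, pub echo: bool }

#[derive(Debug, PartialEq)]
pub struct InfoRequest { pub instruction: String, pub prompts: Vec<Prompt> }

#[derive(Debug, PartialEq)]
pub enum ParseError {
    Truncated, BadMessageType(u8), BadUtf8,
    PromptCountTooLarge { declared: u32, remaining: usize },
}

/// Minimal cursor over a packet body; SSH uint32 fields are big-endian.
struct Reader<'a> { buf: &'a [u8], pos: usize }

impl<'a> Reader<'a> {
    fn remaining(&self) -> usize { self.buf.len() - self.pos }
    fn take(&mut self, n: usize) -> Result<&'a [u8], ParseError> {
        let buf: &'a [u8] = self.buf;
        let end = self.pos.checked_add(n).ok_or(ParseError::Truncated)?;
        let bytes = buf.get(self.pos..end).ok_or(ParseError::Truncated)?;
        self.pos = end;
        Ok(bytes)
    }
    fn u8(&mut self) -> Result<u8, ParseError> { Ok(self.take(1)?[0]) }
    fn u32(&mut self) -> Result<u32, ParseError> {
        let b = self.take(4)?;
        Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]]))
    }
    fn string(&mut self) -> Result<String, ParseError> {
        let len = self.u32()? as usize;
        String::from_utf8(self.take(len)?.to_vec()).map_err(|_| ParseError::BadUtf8)
    }
}

pub fn parse_info_request(packet: &[u8]) -> Result<InfoRequest, ParseError> {
    let mut r = Reader { buf: packet, pos: 0 };
    let msg = r.u8()?;
    if msg != SSH_MSG_USERAUTH_INFO_REQUEST {
        return Err(ParseError::BadMessageType(msg));
    }
    let _name = r.string()?;
    let instruction = r.string()?;
    let _language_tag = r.string()?;
    let declared = r.u32()?;
    // The check: every prompt costs at least MIN_PROMPT_BYTES, so a count larger
    // than remaining / MIN_PROMPT_BYTES cannot be backed by data and is rejected
    // before it influences any allocation.
    let max_possible = r.remaining() / MIN_PROMPT_BYTES;
    if declared as usize > max_possible {
        return Err(ParseError::PromptCountTooLarge { declared, remaining: r.remaining() });
    }
    let mut prompts = Vec::with_capacity(declared as usize);
    for _ in 0..declared {
        let text = r.string()?;
        let echo = r.u8()? != 0;
        prompts.push(Prompt { text, echo });
    }
    Ok(InfoRequest { instruction, prompts })
}

/// Encoder used only to build constructed sample packets for this example.
pub fn encode_info_request(name: &str, instruction: &str, prompts: &[(&str, bool)]) -> Vec<u8> {
    fn put_string(out: &mut Vec<u8>, s: &str) {
        out.extend_from_slice(&(s.len() as u32).to_be_bytes());
        out.extend_from_slice(s.as_bytes());
    }
    let mut out = vec![SSH_MSG_USERAUTH_INFO_REQUEST];
    put_string(&mut out, name);
    put_string(&mut out, instruction);
    put_string(&mut out, ""); // language tag, normally empty
    out.extend_from_slice(&(prompts.len() as u32).to_be_bytes());
    for (text, echo) in prompts {
        put_string(&mut out, text);
        out.push(*echo as u8);
    }
    out
}

/// Constructed hostile sample (not a real capture): one prompt's worth of data
/// follows, but the num-prompts field claims u32::MAX.
pub fn crafted_packet() -> Vec<u8> {
    let mut pkt = encode_info_request("", "", &[("Password: ", false)]);
    // After the message byte and three empty strings, num-prompts sits at offset 13.
    pkt[13..17].copy_from_slice(&u32::MAX.to_be_bytes());
    pkt
}

fn main() {
    let good = encode_info_request("", "Log in", &[("Password: ", false)]);
    println!("{:?}", parse_info_request(&good));
    println!("{:?}", parse_info_request(&crafted_packet()));
}
```

The bound is deliberately loose (it only rules out counts the packet cannot physically contain); a truncated packet that passes the bound still fails later with a Truncated error, but by then the capacity requested is limited by the packet size the client already holds in memory, which is the property the advisory's fix category restores.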
