A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2.
libssh2 is a client-side SSH library, not a server….
Read the rest of the story at Read More
Source: The Hacker News
Recent News
Leave a Comment