Tag

Pre Auth

All articles tagged with #pre auth

Public PoC Reveals Critical libssh2 Pre-Auth Bug (CVE-2026-55200)
security11 days ago

Public PoC Reveals Critical libssh2 Pre-Auth Bug (CVE-2026-55200)

A public proof-of-concept exposes a critical pre-auth memory-corruption flaw in libssh2 (CVE-2026-55200) that can trigger code execution when a client connects to a malicious SSH server; affects all releases up to 1.11.1 with a CVSS of 9.2. No fixed release exists yet; the patch is in mainline and backports are underway (e.g., Debian testing). Inventory every usage of libssh2, including static or bundled copies, and apply a build containing commit 97acf3d. Until patched, restrict outbound SSH, verify host keys, and monitor for oversized-packet anomalies. Related issues CVE-2026-55199 and CVE-2025-15661 are also noted; exploitation in the wild has not been observed.