libssh (AlmaLinux:10) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:10 package libssh, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2026-0966 — CVSS 8.2 (high): A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This…
CVE-2025-5318 — CVSS 8.1 (high): A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due…
CVE-2026-0964 — CVSS 6.3 (medium): A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory…
CVE-2026-0967 — CVSS 5.5 (medium): A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific…
CVE-2026-0965 — CVSS 3.3 (low): A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by…
CVE-2026-0968 — CVSS 3.1 (low): A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname'…