CRITICALVulnerability
Global

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

·Source: The Hacker News

Updated:

Executive Summary

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.

Analysis

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.

Indicators of Compromise (1)

CVE (1)
CVE-2026-55200
Source Attribution

Originally published by The Hacker News on Jun 29, 2026.

Related Threats