It was discovered that libssh2 incorrectly handled the sftp_symlink() function. A malicious SSH server or machine-in-the-middle attacker could possibly use this issue to obtain sensitive information or cause a denial of service. (CVE-2025-15661) It was discovered that libssh2 had a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler. A malicious SSH server could possibly use this issue to cause a client CPU exhaustion loop, resulting in a denial of service. (CVE-2026-55199) It was discovered that libssh2 incorrectly handled packet length fields. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-55200)
Continue reading...
Continue reading...

