A serious vulnerability in libssh2, tracked as CVE-2026-58050, has been publicly disclosed. The flaw scores 8.3 on the CVSS scale and affects versions up to 1.11.1. An integer overflow in the publickey subsystem can allow a malicious SSH server to corrupt the heap of a connecting client. The vulnerability stems from inadequate bounds checking, so any client that connects to a malicious server is potentially at risk. Proof-of-concept code is public, which raises the urgency of patching. Users should upgrade libssh2 to a fixed version once available and restrict SSH connections to trusted hosts.
CVE-2026-58050 bug lets bad SSH servers hijack libssh2 clients
Article by CyberSIXT