CVE-2026-0965
Published 2026-03-26
Severity: Low, 3.3 (CVSS 3.0)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libssh | < libssh 0.12.0-1 (forky) | libssh 0.12.0-1 (forky) |
| libssh | libssh | <= 0.11.3 | — |
| libssh | libssh | >= 0 < 0.12.0-1 | 0.12.0-1 |
| libssh | libssh | >= 0 < 0.9.6-2ubuntu0.22.04.6 | 0.9.6-2ubuntu0.22.04.6 |
| libssh | libssh | >= 0 < 0.10.6-2ubuntu0.3 | 0.10.6-2ubuntu0.3 |
| libssh | libssh | >= 0 < 0.11.2-1ubuntu0.2 | 0.11.2-1ubuntu0.2 |
| libssh | libssh | >= 0 < 0.6.3-4.3ubuntu0.6+esm4 | 0.6.3-4.3ubuntu0.6+esm4 |
| libssh | libssh | >= 0 < 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6 | 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6 |
| libssh | libssh | >= 0 < 0.9.3-2ubuntu2.5+esm3 | 0.9.3-2ubuntu2.5+esm3 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
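| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 3.3 | LOW | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L |
| osv | — | 3.3 | LOW | — |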