Description
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.
CVSS vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4Attack Vector: Local
Complexity: Low
Privileges: Low
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: Low
Affected Packages2 packages
Also affects: Enterprise Linux 10.0, 9.0
🔴Vulnerability Details
4GHSAGHSA-q35q-xwh9-8pgw: A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing↗2026-03-26 OSVCVE-2026-0965: A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing↗2026-03-26 CVEListLibssh: libssh: denial of service via improper configuration file handling↗2026-03-26 OSVlibssh vulnerabilities↗2026-02-18 📋Vendor Advisories
4Ubuntulibssh vulnerabilities↗2026-02-23 Ubuntulibssh vulnerabilities↗2026-02-18 Red Hatlibssh: libssh: Denial of Service via improper configuration file handling↗2026-02-10 DebianCVE-2026-0965: libssh - A flaw was found in libssh where it can attempt to open arbitrary files during c...↗2026 🕵️Threat Intelligence
1WizCVE-2026-0965 Impact, Exploitability, and Mitigation Steps | Wiz↗