CVE-2026-0968

CWE-476 — NULL Pointer Dereference9 documents8 sources

Severity

3.1LOW

EPSS

0.1%

top 80.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libssh Libssh Redhat Enterprise Linux

Timeline

PublishedMar 26

Description

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶Debianlibssh< 0.12.0-1

▶NVDlibssh/libssh0.11.3

Also affects: Enterprise Linux 10.0, 9.0

🔴Vulnerability Details

OSV

CVE-2026-0968: A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field with↗2026-03-26

▶

CVEList

Libssh: libssh: denial of service due to malformed sftp message↗2026-03-26

▶

GHSA

GHSA-6w3m-r3qq-cr2h: A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field with↗2026-03-26

▶

📋Vendor Advisories

Ubuntu

libssh vulnerabilities↗2026-02-23

▶

Ubuntu

libssh vulnerabilities↗2026-02-18

▶

Red Hat

libssh: libssh: Denial of Service due to malformed SFTP message↗2026-02-10

▶

Debian

CVE-2026-0968: libssh - A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol...↗2026

▶

🕵️Threat Intelligence

Wiz

CVE-2026-0968 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶