Home/ Blog/ Security news/ Article
Blog · Security news

libssh2 flaw: a malicious SSH server can hijack the client connecting to it

libssh2's CVE-2026-55200 lets a malicious SSH server run code on the client that connects to it. No login, a public PoC is out, and there is no tagged fix yet.

Suriq security brief cover illustration for libssh2 flaw: a malicious SSH server can hijack the client connecting to it

Every guide to securing SSH points the same way: lock down the server. Use keys instead of passwords, rate-limit logins, disable root. A newly disclosed flaw in libssh2, the library that programs link against to act as an SSH client, turns that advice inside out. Tracked as CVE-2026-55200, it lets a malicious or compromised server corrupt memory on whatever connects to it, before any login and with no user interaction. The side that opened the connection is the side that gets taken over.

The risk now runs the other way down an SSH connection

An SSH session has two ends, and almost all the hardening we do lives on the server end. This bug sits on the client end. libssh2 is not a server daemon; it is what software embeds to be an SSH client, so the exposure belongs to anything that reaches out: git pulling over SSH, curl, backup agents, firmware updaters, and monitoring tools that log into devices. The flaw carries a CVSS score of 9.2 on the newer 4.0 scale, and researcher Tristan Madani reported it. A malicious server gets to run its attack during the first packets of the handshake, before your client has authenticated anything.

This is the same shape as a class of bugs we keep seeing: the thing you fetch attacks the thing that fetched it. A video your server decodes on its own can run attacker code, and now an SSH server you connect to can corrupt your client. Initiating the connection has never made the initiator safe, and outbound SSH is one more place that assumption breaks.

What goes wrong during the handshake

The defect is an integer overflow that becomes a heap write past the end of a buffer, cataloged as CWE-680. During the opening exchange, libssh2 reads a length field off the wire that the remote side fully controls, inside the function ssh2_transport_read() in transport.c. The code refused a length below one but set no ceiling on how large the value could be. Hand it a number close to the 32-bit maximum and the size arithmetic wraps around, so the library reserves a tiny buffer, as small as 19 bytes in the public analysis, then tries to write the full oversized packet into it. Memory next to that buffer gets overwritten, and it happens pre-authentication.

A proof-of-concept is public, archived in a repository called exploitarium, but it is a locally run trigger script rather than a finished remote exploit. There is no confirmed exploitation in the wild yet, and CISA's catalog still lists the flaw as not known to be exploited. That is the window defenders have, and the dates show how narrow it already is.

libssh2 CVE-2026-55200: patched in code, not yet shippableJun 12, 2026: Fix merged to libssh2 mainline (PR #2052). Jun 29, 2026: Public proof-of-concept published. Now: No tagged release yet; distributions backporting the patch.libssh2 CVE-2026-55200: patched in code, not yet shippableJun 12, 2026Fix merged tolibssh2 mainlineJun 29, 2026Publicproof-of-conceptNowNo taggedrelease yet;
Sources: libssh2 PR #2052 (commit 97acf3d), The Hacker News, NVD.

Where libssh2 is hiding in your stack

libssh2 is embedded far more widely than most teams track. It ships inside git and curl builds, PHP, language bindings, backup tooling, device firmware, and a long list of network appliances. Many of those copies are compiled in statically, which matters for the fix.

The real blast radius is not an engineer typing ssh to a server they trust. It is automation that connects out to endpoints someone else can influence: continuous-integration runners cloning repositories over SSH, backup jobs pulling from remote hosts, device-management systems that log into gear in the field, and anything that follows a URL or hostname an attacker can redirect. A malicious or man-in-the-middled server on the far end of one of those connections is exactly the precondition this flaw needs. Treat outbound SSH from unattended systems as the exposure, not interactive admin sessions.

Inventory the copies before you patch one

The fix exists, but not yet as something you can install with a version bump. It landed as a mainline source commit, 97acf3d, merged through pull request #2052 on June 12, and there is no tagged libssh2 release carrying it. Distributions are backporting the patch into their own packages. So "update libssh2 to the latest version" is not actionable advice today. Watch your distribution's security tracker and apply the patched package the moment it lands.

A package update will also miss every statically linked copy buried inside other software. That is where a software bill of materials earns its place: scan your builds and images for libssh2, and rebuild anything that bundles its own copy once a patched version is available. This is a find-and-fix job across dependencies, the same discipline as tracking down every host running a vulnerable libslirp rather than trusting one apt command. The other lever is reachability: where you can, restrict which hosts your automation is allowed to open SSH to, so a poisoned endpoint never gets to speak to a vulnerable client in the first place. CVSS 9.2 puts this near the top of the queue, alongside the other critical-rated flaws that need triage this week, and the cost of waiting is the same lesson unpatched edge devices keep teaching.

Topics

Frequently asked questions

What is CVE-2026-55200 in libssh2?

It is a critical client-side flaw in libssh2, the library software uses to act as an SSH client. A malicious or compromised server can send a crafted handshake packet that corrupts memory on the connecting client, with no credentials and no user interaction. It is rated CVSS 9.2.

Which libssh2 versions are affected and what is the fix?

Every libssh2 release through 1.11.1 is affected. The fix is mainline commit 97acf3d, merged as pull request #2052 on June 12, 2026. There is no tagged release yet, so most users will get it as a backported package from their Linux distribution.

Is CVE-2026-55200 being exploited in the wild?

Not as of now. A public proof-of-concept exists in a repository called exploitarium, but it is a locally run trigger script rather than a finished remote exploit, and CISA's catalog still lists the flaw as not known to be exploited. Patch before that changes.

Who is most at risk from this libssh2 flaw?

Automation that opens SSH connections to hosts it does not fully control. That means continuous-integration runners cloning over SSH, backup agents pulling from remote servers, and device-management tools that log into field equipment. An engineer connecting to a known, trusted server is far lower risk.

Why is patching libssh2 harder than a normal update?

Because libssh2 is often statically linked into other software, including git, curl, PHP, and appliance firmware. Updating the system package does not touch those bundled copies. You need a software bill of materials to find them, then rebuild anything that ships its own libssh2 once a patched version is available.

Ready to meet the Guardians?

Deploys fast - agentless for monitoring and cloud, a lightweight agent for deep endpoint security. Just Suriq, standing watch.