CVE-2026-0968

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.

CVSS v3 3.1 LOW

3.1^/10

CVSS v3 : LOW

V3 Legend

Vector : AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Exploitability : 1.6 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/security/cve/CVE-2026-0968
https://bugzilla.redhat.com/show_bug.cgi?id=2436982
https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-26 21:17

Updated : 2026-03-30 13:26

NVD link : CVE-2026-0968

Mitre link : CVE-2026-0968

CVE.ORG link : CVE-2026-0968

JSON object : View

Products Affected

No product.

CWE

CWE-476

NULL Pointer Dereference

3.1 /10