CVE-2026-0965

Libssh: libssh: denial of service via improper configuration file handling

Published: 3/26/2026 Last updated: 5/19/2026 Reserved: 1/14/2026

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.0	3.3	Low	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (1)

libssh

Products affected (16)

Product	Vendor	Version
Red Hat Enterprise Linux 10	Red Hat	All versions < V4.1.4
Red Hat Enterprise Linux 9	Red Hat	All versions < V4.1.4
Red Hat Enterprise Linux 9	Red Hat	All versions < V4.1.4
Red Hat Enterprise Linux 8	Red Hat	All versions < V4.1.4
Red Hat Enterprise Linux 10	Red Hat	Lync 2010
Red Hat Enterprise Linux 9	Red Hat	Lync 2010 Attendee
Red Hat Enterprise Linux 9	Red Hat	Live Meeting 2007 Add-in and Console
Red Hat Enterprise Linux 8	Red Hat	< 68.1
Red Hat Enterprise Linux 7	Red Hat	< 69
Red Hat Enterprise Linux 6	Red Hat	OFBiz 16.11.01 to 16.11.05
Red Hat Hardened Images	Red Hat	All versions < V4.1.4
Red Hat Hardened Images	Red Hat	n/a
Red Hat Enterprise Linux 6	Red Hat	All versions < V4.1.4
Red Hat Enterprise Linux 7	Red Hat	All versions < V4.1.4
Red Hat OpenShift Container Platform 4	Red Hat	See References
Red Hat OpenShift Container Platform 4	Red Hat	All versions < V4.1.4

References (8)

Credits (2)

Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue.
Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue.