VYPR
High severity8.2NVD Advisory· Published Mar 26, 2026· Updated May 19, 2026

CVE-2026-0966

CVE-2026-0966

Description

A flaw was found in libssh. The API function ssh_get_hexa() is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to SSH_LOG_PACKET (3) or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

20

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.