Low severity 3.1 · NVD Advisory · Published Mar 26, 2026 · Updated May 19, 2026
CVE-2026-0968
Description
A flaw was found in libssh. A malicious SFTP (SSH File Transfer Protocol) server can exploit it by sending a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation. A missing null check can lead to reading beyond allocated memory on the heap, which can cause unexpected behavior or a denial of service (DoS) due to application crashes.
Affected products (17)
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords (13 versions, no CPE):
  - pkg:rpm/almalinux/libssh, range: < 0.12.0-2.el10
  - pkg:rpm/almalinux/libssh-config, range: < 0.12.0-2.el10
  - pkg:rpm/almalinux/libssh-devel, range: < 0.12.0-2.el10
  - pkg:rpm/opensuse/libssh&distro=openSUSE%20Leap%2015.6, range: < 0.9.8-150600.11.9.1
  - pkg:rpm/opensuse/libssh&distro=openSUSE%20Tumbleweed, range: < 0.11.4-1.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.2, range: < 0.9.8-150200.13.15.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.3, range: < 0.9.8-150400.3.17.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.4, range: < 0.9.8-150400.3.17.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Micro%205.5, range: < 0.9.8-150400.3.17.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7, range: < 0.9.8-150600.11.9.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5, range: < 0.9.8-3.21.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Micro%206.0, range: < 0.10.6-4.1
  - pkg:rpm/suse/libssh&distro=SUSE%20Linux%20Micro%206.1, range: < 0.10.6-slfo.1.1_4.1
References (5)
- access.redhat.com/security/cve/CVE-2026-0968 (nvd, Third Party Advisory)
- bugzilla.redhat.com/show_bug.cgi (nvd, Third Party Advisory)
- www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/ (nvd, Release Notes)
- access.redhat.com/errata/RHSA-2026:18160 (nvd)
- access.redhat.com/errata/RHSA-2026:18683 (nvd)