VYPR
Low severity3.1NVD Advisory· Published Mar 26, 2026· Updated May 19, 2026

CVE-2026-0968

CVE-2026-0968

Description

A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an SSH_FXP_NAME message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

17

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.