High severity7.3NVD Advisory· Published May 1, 2026· Updated May 7, 2026
CVE-2026-7598
CVE-2026-7598
Description
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords3 versionspkg:apk/chainguard/libssh2pkg:apk/wolfi/libssh2pkg:rpm/opensuse/libssh2_org&distro=openSUSE%20Tumbleweed
< 1.11.1-r5+ 2 more
- (no CPE)range: < 1.11.1-r5
- (no CPE)range: < 1.11.1-r5
- (no CPE)range: < 1.11.1-3.1
Patches
Vulnerability mechanics
References
5- github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1nvdPatch
- vuldb.com/submit/805564nvdThird Party AdvisoryVDB Entry
- vuldb.com/vuln/360555nvdThird Party AdvisoryVDB Entry
- github.com/libssh2/libssh2/pull/1858nvdIssue Tracking
- vuldb.com/vuln/360555/ctinvdPermissions RequiredVDB Entry
News mentions
1- Patch Tuesday - May 2026Rapid7 Blog · May 13, 2026