CVE-2026-0968

CRITICAL CVSS 3.1: 3.1 EPSS 0.01%
Updated Apr 13, 2026
Red Hat
| Parameter | Value |
| --- | --- |
| CVSS | 3.1 (CRITICAL) |
| Affected Versions | before 0.11.3 |
| Type | CWE-476 (NULL Pointer Dereference) |
| Vendor | Red Hat |
| Public PoC | No |

A flaw was found in libssh. A malicious SFTP (SSH File Transfer Protocol) server can exploit it by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. Because of a missing null check, this can lead to reading beyond allocated memory on the heap, which can cause unexpected behavior or a denial of service (DoS) due to application crashes.

Attack Parameters

| Metric | Value | Meaning |
| --- | --- | --- |
| Attack Vector | Network | Can be exploited remotely |
| Attack Complexity | High | Difficult to exploit |
| Privileges Required | None | No privileges needed |
| User Interaction | Required | User action required |

Impact Assessment

| Metric | Value | Meaning |
| --- | --- | --- |
| Confidentiality | None | No data leak |
| Integrity | None | No data modification |
| Availability | Low | Partial disruption |

CVSS Vector v3.1

Vulnerable Products 3

| Configuration | From (including) | Up to (excluding) |
| --- | --- | --- |
| Libssh Libssh `cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*` | | <= 0.11.3 |
| Redhat Enterprise_Linux `cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*` | | |
| Redhat Enterprise_Linux `cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*` | | |