libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nrextensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from libssh2get_string() are unchecked and the session timeout does not apply to CPU-bound loops.
{
"sources": [
{
"url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-55199",
"html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55199",
"modified": "2026-06-26T19:16:37.353Z",
"id": "CVE-2026-55199",
"imported": "2026-07-09T16:14:55.269Z",
"published": "2026-06-17T20:17:28.520Z",
"database_specific": {
"status": "Analyzed"
}
},
{
"url": "https://api.github.com/advisories/GHSA-3cfq-4xx4-rmpg",
"html_url": "https://github.com/advisories/GHSA-3cfq-4xx4-rmpg",
"modified": "2026-06-17T21:34:45Z",
"imported": "2026-07-09T16:15:01.193Z",
"published": "2026-06-17T21:34:39Z",
"id": "GHSA-3cfq-4xx4-rmpg"
},
{
"url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-37782",
"published": "2026-06-17T18:44:18Z",
"html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-37782",
"imported": "2026-07-09T16:14:57.240Z",
"id": "EUVD-2026-37782",
"modified": "2026-06-18T15:31:59Z"
}
],
"license": "CC-BY-4.0"
}