Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
libssh: Remote code execution possible through malicious SSH connections
OESA-2026-1492
Summary
The libssh library, used by programmers for SSH connections, contains security flaws that could allow an attacker to execute malicious code on a system. This could happen if a user connects to a malicious SSH server. Update to the latest version of libssh to fix these issues.
What to do
- Update libssh to version 0.10.5-9.oe2403.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | libssh | <= 0.10.5-9.oe2403 | 0.10.5-9.oe2403 |
Original title
libssh security update
Original description
The ssh library was designed to be used by programmers needing a working SSH implementation by the mean of a library. The complete control of the client is made by the programmer. With libssh, you can remotely execute programs, transfer files, use a secure and transparent tunnel for your remote programs. With its Secure FTP implementation, you can play with remote files easily, without third-party programs others than libcrypto (from openssl).
Security Fix(es):
(CVE-2026-0964)
(CVE-2026-0967)
Security Fix(es):
(CVE-2026-0964)
(CVE-2026-0967)
- https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA... Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-0964 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-0967 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026