6.9

Libssh SFTP Extension Name Handler Exposes Sensitive Data

CVE-2026-3731
Summary

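An out-of-bounds read in libssh's SFTP extension name handler (the functions sftp_extensions_get_name/sftp_extensions_get_data in src/sftp.c) can allow an attacker to access sensitive data on a remote server. It is triggered by manipulating the idx argument, and the attack can be performed remotely. To fix this issue, update libssh to version 0.11.4 or 0.12.0.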

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
libssh | libssh | <= 0.11.3 | –
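
A quick way to triage hosts against the affected range above, as an added example that is not part of the advisory or of libssh: the function names and the "affected"/"not-affected"/"unknown" labels are assumptions of this sketch, and the only value taken from the page is the last affected version, 0.11.3.

```shell
#!/bin/sh
# Added example: classify a libssh version string against this advisory's
# affected range. A distro package may carry a backported fix under an older
# upstream version, so "affected" means "check the package changelog".
LAST_AFFECTED="0.11.3"   # from the advisory: "libssh up to 0.11.3"

# normalize VERSION: drop a distro epoch ("1:") and everything after the
# upstream x.y.z part ("-3ubuntu1", "~rc1").
normalize() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[^0-9.].*$//'
}

# ver_le A B: exit 0 when dotted numeric version A <= B, field by field.
ver_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        : "${x:=0}" "${y:=0}"            # missing fields compare as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0                             # all fields equal
}

# libssh_status VERSION: prints affected, not-affected or unknown.
libssh_status() {
    v=$(normalize "$1")
    case $v in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;     # not a dotted version string
    esac
    if ver_le "$v" "$LAST_AFFECTED"; then
        echo affected
    else
        echo not-affected
    fi
}

# Stand-alone use: pass the version to check as the first argument.
if [ $# -gt 0 ]; then
    libssh_status "$1"
fi
```

Where the libssh development files are installed, `pkg-config --modversion libssh` is one source for the version string to pass in.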
Original title
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension ...
Original description
A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.
nvd CVSS2.0 5.0
nvd CVSS3.1 5.3
nvd CVSS4.0 6.9
Vulnerability type
CWE-119 Buffer Overflow
CWE-125 Out-of-bounds Read
Published: 8 Mar 2026 · Updated: 13 Mar 2026 · First seen: 8 Mar 2026