{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0965", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2026-01-14T21:54:51.315Z", "datePublished": "2026-03-26T20:06:33.336Z", "dateUpdated": "2026-05-12T16:55:27.232Z"}, "containers": {"cna": {"title": "Libssh: libssh: denial of service via improper configuration file handling", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:10"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Hardened Images", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "libssh2", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:hummingbird:1"]}, {"vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rhcos", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:openshift:4"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0965", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980", "name": "RHBZ#2436980", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2026-02-10T18:47:22.524Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-73: External Control of File Name or Path", "workarounds": [{"lang": "en", "value": "Ensure the client and server are using only regular files as configuration."}], "timeline": [{"lang": "en", "time": "2026-02-04T23:40:45.160Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-10T18:47:22.524Z", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-05-01T16:05:33.809Z"}, "x_generator": {"engine": "cvelib 1.8.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T11:31:36.431851Z", "id": "CVE-2026-0965", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-12T16:55:27.232Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0965", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T11:31:36.431851Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T11:31:41.875Z"}}], "cna": {"title": "Libssh: libssh: denial of service via improper configuration file handling", "credits": [{"lang": "en", "value": "Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.3, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 10", "packageName": "libssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "libssh2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "libssh2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "libssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "libssh", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:hummingbird:1"], "vendor": "Red Hat", "product": "Red Hat Hardened Images", "packageName": "libssh2", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "packageName": "rhcos", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2026-02-04T23:40:45.160Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-02-10T18:47:22.524Z", "value": "Made public."}], "datePublic": "2026-02-10T18:47:22.524Z", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2026-0965", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980", "name": "RHBZ#2436980", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "workarounds": [{"lang": "en", "value": "Ensure the client and server are using only regular files as configuration."}], "x_generator": {"engine": "cvelib 1.8.0"}, "descriptions": [{"lang": "en", "value": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2026-05-01T16:05:33.809Z"}, "x_redhatCweChain": "CWE-73: External Control of File Name or Path"}}, "cveMetadata": {"cveId": "CVE-2026-0965", "state": "PUBLISHED", "dateUpdated": "2026-05-01T16:05:33.809Z", "dateReserved": "2026-01-14T21:54:51.315Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2026-03-26T20:06:33.336Z", "assignerShortName": "redhat"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*", "matchCriteriaId": "2366D711-FD0B-4A04-92BA-DE6DA0ED1BCF", "versionEndIncluding": "0.11.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en libssh donde puede intentar abrir archivos arbitrarios durante el an\u00e1lisis de la configuraci\u00f3n. Un atacante local puede explotar esto al proporcionar un archivo de configuraci\u00f3n malicioso o cuando el sistema est\u00e1 mal configurado. Esta vulnerabilidad podr\u00eda llevar a una denegaci\u00f3n de servicio (DoS) al hacer que el sistema intente acceder a archivos peligrosos, como dispositivos de bloque o archivos de sistema grandes, lo que puede interrumpir las operaciones normales."}], "id": "CVE-2026-0965", "lastModified": "2026-04-02T17:33:46.463", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}]}, "published": "2026-03-26T21:17:00.607", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2026-0965"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jakub Jelen (libssh) and Kang Yang for reporting this issue.", "bugzilla": {"description": "libssh: libssh: Denial of Service via improper configuration file handling", "id": "2436980", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436980"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-73", "details": ["No description is available for this CVE."], "mitigation": {"lang": "en:us", "value": "Ensure the client and server are using only regular files as configuration."}, "name": "CVE-2026-0965", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libssh", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-02-10T18:47:22Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-0965\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-0965"], "threat_severity": "Low"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": null}], "product": "libssh", "vendor": "libssh"}], "analysis": {"en": {"generated_at": "2026-04-15T15:37:40.526088+00:00", "value": {"mitigation_remediation": ["Update libssh to a version that includes the fix or apply the vendor-supplied patch if available.", "Ensure that both client and server use only regular files for configuration, following the provided workaround to prevent arbitrary file access.", "Restrict write permissions on libssh configuration files so that local or unprivileged users cannot create or modify them."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Red\u00a0Hat Enterprise\u00a0Linux\u00a06 through\u00a010, Red\u00a0Hat Hardened Images, and Red\u00a0Hat OpenShift Container Platform\u00a04 all use libssh and are affected. The vulnerability affects systems that rely on libssh for configuration processing, regardless of the specific libssh version bundled with these distributions.", "description_and_impact": "A flaw in libssh allows it to attempt opening arbitrary files while parsing configuration, which can cause the system to access dangerous files such as block devices or large system files. This results in a denial of service, disrupting normal operations without compromising confidentiality or integrity. The weakness corresponds to unsanitized file path handling (CWE-73).", "risk_and_exploitability": "The CVSS score of 3.3 indicates low to moderate risk, and the EPSS score of less than 1% suggests a very low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation likely requires a local or privileged attacker to supply a malicious configuration file or otherwise misconfigure the system. While the impact is limited to service disruption, it can be significant in environments that rely on continuous availability."}}}}, "created": "2026-02-16T12:03:34.997979+00:00", "updated": "2026-04-15T16:45:09.793773+00:00", "vendors": ["libssh", "libssh$PRODUCT$libssh"]}