CVE-2026-55200 / CVE-2026-55199 — libssh2 heap out-of-bounds write with public PoC

From CTI Weekly Summary — 2026-W26 (Jun 22 – Jun 28, 2026) · published 2026-06-29

The GitHub Security Advisory GHSA-r8mh-x5qv-7gg2 describes a heap out-of-bounds write in libssh2's ssh2_transport_read(), which fails to enforce an upper bound on the packet_length field (CVSS 9.2), together with a companion pre-auth DoS (CVE-2026-55199) corroborated by NCSC-NL NCSC-2026-0210; public PoC code was reported within the window (see daily 06-28).

An upstream fix has landed (the GHSA references the fix commit), but libssh2 is embedded in a long tail of management tooling, appliances and language bindings, and tagged-release availability still varies across that binding and appliance ecosystem. The operational task is therefore SBOM exposure tracking and chasing each embedding vendor's release, not a single library bump (see § 11 caveat).
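As an added example (not part of the brief, and not libssh2's or any vendor's code), the script below does the exposure-tracking step the paragraph calls for: it reads a CycloneDX SBOM and attributes every libssh2 copy to the top-level product and supplier that embeds it, so each finding maps to a vendor release to chase rather than to one library version. The SBOM, product names, suppliers and version strings are constructed placeholders.

```python
"""Attribute every libssh2 copy in a CycloneDX SBOM to the product that embeds it."""
import json
from collections import defaultdict, deque

# Constructed CycloneDX 1.5-style SBOM; names, suppliers and version strings are placeholders.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"bom-ref": "appl-a", "name": "mgmt-appliance-a", "supplier": {"name": "Vendor A"}, "version": "4.2-sample"},
        {"bom-ref": "bind-c", "name": "ssh2-binding", "supplier": {"name": "Vendor C"}, "version": "1.0-sample"},
        {"bom-ref": "curl-a", "name": "curl", "version": "8.0-sample"},
        {"bom-ref": "ssh2-a", "name": "libssh2", "version": "1.0-sample-a", "purl": "pkg:generic/libssh2@1.0-sample-a"},
        {"bom-ref": "ssh2-c", "name": "libssh2", "version": "1.0-sample-c", "purl": "pkg:generic/libssh2@1.0-sample-c"},
    ],
    "dependencies": [
        {"ref": "appl-a", "dependsOn": ["curl-a"]},  # appliance embeds libssh2 indirectly via curl
        {"ref": "curl-a", "dependsOn": ["ssh2-a"]},
        {"ref": "bind-c", "dependsOn": ["ssh2-c"]},  # language binding links its own libssh2 copy
    ],
})

def _is_libssh2(component):
    """Match on name or purl so a renamed or vendored copy is still caught."""
    return (component.get("name", "").lower() == "libssh2"
            or "/libssh2@" in component.get("purl", "").lower())

def libssh2_exposure(sbom_json):
    """Return one record per path from a top-level product (nothing depends on it) to a libssh2
    copy, with supplier and exact libssh2 version: the unit that has to be chased per vendor."""
    sbom = json.loads(sbom_json)
    comps = {c["bom-ref"]: c for c in sbom.get("components", [])}
    parents = defaultdict(list)  # child ref -> refs that depend on it
    for dep in sbom.get("dependencies", []):
        for child in dep.get("dependsOn", []):
            parents[child].append(dep["ref"])
    records = []
    for ref, comp in comps.items():
        if not _is_libssh2(comp):
            continue
        queue = deque([(ref, [ref])])  # walk upward to every embedding root; path check guards cycles
        while queue:
            cur, path = queue.popleft()
            if not parents[cur]:  # reached a root: record product -> ... -> libssh2
                root = comps.get(cur, {})
                records.append({"product": root.get("name", cur),
                                "supplier": root.get("supplier", {}).get("name", "unknown"),
                                "libssh2_version": comp.get("version", "unknown"),
                                "path": [comps.get(p, {}).get("name", p) for p in reversed(path)]})
            queue.extend((p, path + [p]) for p in parents[cur] if p not in path)
    return sorted(records, key=lambda r: (r["supplier"], r["product"]))
```

Run against a real SBOM export, the output is the per-vendor worklist: one line per embedding product, with the libssh2 version it actually ships, to be compared against that vendor's own advisory rather than against the upstream fix commit.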