ctipilot.ch

Home · Live brief · Weekly 2026-W27

CVE-2026-55200 / CVE-2026-55199 — libssh2 heap out-of-bounds write with public PoC

notable vulnerability discovered 2026-06-29 00:21 UTC

Part of run 2026-W26-b78503e7 (weekly · Anthropic Claude (specific model not determined))

The GitHub Security Advisory GHSA-r8mh-x5qv-7gg2 describes a heap out-of-bounds write in libssh2's transport layer: _libssh2_transport_read() fails to enforce an upper bound on the packet_length field of an incoming SSH packet (CVSS 9.2). A companion pre-authentication denial of service (CVE-2026-55199) is corroborated by NCSC-NL advisory NCSC-2026-0210. Public PoC code was reported within the window (see daily 06-28). An upstream fix has landed (the GHSA references the fix commit), but tagged-release availability still varies across the binding and appliance ecosystem, and libssh2 is embedded in a long tail of management tooling, appliances and language bindings. The operational task is therefore SBOM exposure tracking and chasing each embedding vendor's release, not a single library bump.
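As an added example, not code from ctipilot.ch or the libssh2 project, the SBOM exposure tracking described above can be automated against a CycloneDX inventory. The script walks a constructed sample SBOM, finds every component that is libssh2, and follows the dependency graph upward to report which packages and applications embed it, which is the list of vendors to chase for a release. The SBOM contents, component names and versions are constructed for illustration; the fixed_version argument is an assumption the operator supplies once a fixed tag is known, because the brief does not name one.

```python
"""Find libssh2 in a CycloneDX SBOM and report every package that embeds it.

Added example for SBOM exposure tracking; not part of the brief or of libssh2.
"""
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample SBOM (CycloneDX 1.5 JSON, trimmed). Not a real inventory.
SAMPLE_SBOM = json.loads(r"""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg:generic/libssh2@1.11.0", "name": "libssh2", "version": "1.11.0",
     "purl": "pkg:generic/libssh2@1.11.0", "type": "library"},
    {"bom-ref": "pkg:pypi/ssh2-python@1.0.0", "name": "ssh2-python", "version": "1.0.0",
     "purl": "pkg:pypi/ssh2-python@1.0.0", "type": "library"},
    {"bom-ref": "pkg:generic/curl@8.5.0", "name": "curl", "version": "8.5.0",
     "purl": "pkg:generic/curl@8.5.0", "type": "application"},
    {"bom-ref": "app:fleet-manager", "name": "fleet-manager", "version": "2.3",
     "type": "application"},
    {"bom-ref": "pkg:pypi/requests@2.31.0", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0", "type": "library"}
  ],
  "dependencies": [
    {"ref": "app:fleet-manager",
     "dependsOn": ["pkg:pypi/ssh2-python@1.0.0", "pkg:generic/curl@8.5.0",
                   "pkg:pypi/requests@2.31.0"]},
    {"ref": "pkg:pypi/ssh2-python@1.0.0", "dependsOn": ["pkg:generic/libssh2@1.11.0"]},
    {"ref": "pkg:generic/curl@8.5.0", "dependsOn": ["pkg:generic/libssh2@1.11.0"]}
  ]
}
""")


def is_libssh2(component: dict) -> bool:
    """Match on component name or on the package URL, whichever the SBOM tool filled in."""
    name = component.get("name", "").lower()
    purl = component.get("purl", "").lower()
    return name == "libssh2" or "/libssh2@" in purl


def reverse_dependencies(sbom: dict) -> Dict[str, List[str]]:
    """Invert the CycloneDX dependency graph: child ref -> list of parent refs."""
    rdeps: Dict[str, List[str]] = {}
    for entry in sbom.get("dependencies", []):
        for dep in entry.get("dependsOn", []):
            rdeps.setdefault(dep, []).append(entry["ref"])
    return rdeps


def embedding_chains(ref: str, rdeps: Dict[str, List[str]],
                     path: Optional[List[str]] = None) -> List[List[str]]:
    """Every chain from ref up to a root component that nothing else depends on."""
    path = (path or []) + [ref]
    parents = rdeps.get(ref, [])
    if not parents:
        return [path]
    chains: List[List[str]] = []
    for parent in parents:
        if parent in path:  # guard against cyclic dependency data
            continue
        chains.extend(embedding_chains(parent, rdeps, path))
    return chains


def parse_version(version: str) -> Tuple[int, ...]:
    """Lenient numeric version parse: '1.11.0rc1' -> (1, 11, 0). Good enough for a triage sweep."""
    parts = []
    for piece in version.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def find_libssh2_exposure(sbom: dict, fixed_version: Optional[str] = None) -> List[dict]:
    """Report each libssh2 component, its patch status, and who embeds it.

    fixed_version is an operator-supplied assumption; the brief names no fixed tag,
    so by default every occurrence is reported as needing follow-up.
    """
    rdeps = reverse_dependencies(sbom)
    findings = []
    for component in sbom.get("components", []):
        if not is_libssh2(component):
            continue
        ref = component.get("bom-ref") or component.get("purl") or component["name"]
        version = component.get("version", "0")
        if fixed_version is None:
            status = "unknown (no fixed release known)"
        elif parse_version(version) >= parse_version(fixed_version):
            status = "fixed"
        else:
            status = "affected"
        findings.append({
            "ref": ref,
            "version": version,
            "status": status,
            # Direct embedders are the vendors whose release you have to chase.
            "direct_embedders": sorted(rdeps.get(ref, [])),
            "chains": [" <- ".join(chain) for chain in embedding_chains(ref, rdeps)],
        })
    return findings


if __name__ == "__main__":
    print(json.dumps(find_libssh2_exposure(SAMPLE_SBOM), indent=2))
```

Run it against a real SBOM by loading the JSON in place of SAMPLE_SBOM; the direct_embedders list is the set of packages to track per vendor, and the chains show which deployed application each embedding ultimately reaches. Matching on purl as well as name matters because appliance SBOMs often carry libssh2 only as a vendored component with a generic purl and no separate name entry.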

vulnerabilities poc-public rce dos global CVE-2026-55200 CVE-2026-55199