What is CVE-2026-55199?

CVE-2026-55199 is a medium-severity vulnerability in Libssh2, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 5.9/10. Published 2026-06-17.

How severe is CVE-2026-55199?

Medium severity. CVSS v3 base score is 5.9 out of 10.

Vulnerability in Libssh2

CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by send…

CVSS v3 metric

CVSS v3 base score 5.9 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H.

Affected products

Libssh2 — versions 0, 17626857d20b3c9a1addfa45979dadcee1cd84a4

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

disclosure@vulncheck.com (issue-tracking)
disclosure@vulncheck.com (patch)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2026-55199?: CVE-2026-55199 is a medium-severity vulnerability in Libssh2, classified under Loop with Unreachable Exit Condition (Infinite Loop). CVSS score: 5.9/10. Published 2026-06-17.
How severe is CVE-2026-55199?: Medium severity. CVSS v3 base score is 5.9 out of 10.