{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-7598", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-05-01T10:45:11.583Z", "datePublished": "2026-05-01T21:30:11.006Z", "dateUpdated": "2026-05-04T13:31:37.545Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-01T21:30:11.006Z"}, "title": "libssh2 userauth.c userauth_password integer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-190", "lang": "en", "description": "Integer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-189", "lang": "en", "description": "Numeric Error"}]}], "affected": [{"vendor": "n/a", "product": "libssh2", "versions": [{"version": "1.11.0", "status": "affected"}, {"version": "1.11.1", "status": "affected"}], "cpes": ["cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-05-01T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-05-01T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-05-01T12:50:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "dapickle (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/vuln/360555", "name": "VDB-360555 | libssh2 userauth.c userauth_password integer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/360555/cti", "name": "VDB-360555 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/805564", "name": "Submit #805564 | libssh2 <= 1.11.1 Integer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libssh2/libssh2/pull/1858", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1", "tags": ["patch"]}, {"url": "https://github.com/libssh2/libssh2/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"references": [{"url": "https://vuldb.com/submit/805564", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-05-04T13:31:33.083934Z", "id": "CVE-2026-7598", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T13:31:37.545Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-7598", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-04T13:31:33.083934Z"}}}], "references": [{"url": "https://vuldb.com/submit/805564", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-04T13:31:25.011Z"}}], "cna": {"tags": ["x_open-source"], "title": "libssh2 userauth.c userauth_password integer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "dapickle (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*"], "vendor": "n/a", "product": "libssh2", "versions": [{"status": "affected", "version": "1.11.0"}, {"status": "affected", "version": "1.11.1"}]}], "timeline": [{"lang": "en", "time": "2026-05-01T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-05-01T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-05-01T12:50:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/360555", "name": "VDB-360555 | libssh2 userauth.c userauth_password integer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/360555/cti", "name": "VDB-360555 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/805564", "name": "Submit #805564 | libssh2 <= 1.11.1 Integer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libssh2/libssh2/pull/1858", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1", "tags": ["patch"]}, {"url": "https://github.com/libssh2/libssh2/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "Integer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-189", "description": "Numeric Error"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-05-01T21:30:11.006Z"}}}, "cveMetadata": {"cveId": "CVE-2026-7598", "state": "PUBLISHED", "dateUpdated": "2026-05-04T13:31:37.545Z", "dateReserved": "2026-05-01T10:45:11.583Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-05-01T21:30:11.006Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"cpes": ["cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*"], "product": "libssh2", "vendor": "n/a", "versions": [{"status": "affected", "version": "1.11.0"}, {"status": "affected", "version": "1.11.1"}]}], "source": "cna@vuldb.com"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*", "matchCriteriaId": "00D62356-F677-41CF-AC66-2871AD2112BA", "versionEndIncluding": "1.11.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue."}], "id": "CVE-2026-7598", "lastModified": "2026-06-17T11:02:39.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-7598", "options": [{"exploitation": "poc"}, {"automatable": "yes"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-05-04T13:31:33.083934Z", "version": "2.0.3"}}]}, "published": "2026-05-01T22:16:16.947", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/libssh2/libssh2/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/libssh2/libssh2/pull/1858"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/805564"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/vuln/360555"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/vuln/360555/cti"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/submit/805564"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}, {"lang": "en", "value": "CWE-190"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "libssh2: integer overflow via large username or password arguments", "id": "2464597", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464597"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in the libssh2 library. A remote attacker can exploit an integer overflow vulnerability in the `userauth_password` function by manipulating the `username_len` or `password_len` arguments and cause a heap-based buffer overflow. This leads to a crash to the application linked to the library and potentially allows arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "To mitigate this flaw, applications linked to the libssh2 library should be configured or updated to exclusively use public key authentication. Explicitly disabling password-based logins prevents the application from executing the vulnerable userauth_password function."}, "name": "CVE-2026-7598", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "libssh2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "libssh2", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Affected", "package_name": "rust", "product_name": "Red Hat Hardened Images"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "conmon-rs", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_update_service:5", "fix_state": "Affected", "package_name": "openshift-update-service/openshift-update-service-rhel8", "product_name": "Red Hat OpenShift Update Service"}, {"cpe": "cpe:/a:redhat:trusted_profile_analyzer:2", "fix_state": "Affected", "package_name": "rhtpa/rhtpa-trustification-service-rhel9", "product_name": "Red Hat Trusted Profile Analyzer"}], "public_date": "2026-05-01T21:30:11Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-7598\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7598\nhttps://github.com/libssh2/libssh2/\nhttps://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1\nhttps://github.com/libssh2/libssh2/pull/1858\nhttps://vuldb.com/submit/805564\nhttps://vuldb.com/vuln/360555\nhttps://vuldb.com/vuln/360555/cti"], "statement": "To exploit this flaw, an attacker needs to be able to supply an excessively large value to the arguments of the `userauth_password` function, typically to an application processing untrusted SSH authentication requests. The primary security impact of this issue is a crash to the application linked to the library due to memory corruption, potentially allowing arbitrary code execution.\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\nDue to these reasons, this vulnerability has been rated with an important severity.", "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.11.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "1.11.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libssh2", "source": "cna", "vendor": "n/a"}, "product": "libssh2", "vendor": "libssh2"}], "created": "2026-05-01T23:00:14.017257+00:00", "updated": "2026-05-01T23:30:06.018318+00:00", "vendors": ["libssh2", "libssh2$PRODUCT$libssh2"]}