Hello list,

With credit to the NHS Digital Cyber security team for publishing[1] a
notice about CVE-2026-55200 that alerted me to these:

Three vulnerabilities in libssh2 - a popular client library for the
Unix secure shell protocol (aka SSH) - have been published as CVEs:

- High severity, 8.3 rating: CVE-2025-15661
- High severity, 8.2 rating: CVE-2026-55199
- Critical severity, 9.2 rating: CVE-2026-55200

The vulnerabilities affect versions up-to-and-including v1.11.1 of the
libssh2 library.

Patches/commits fixing each of the vulnerabilities are available and
have been merged into the libssh2 mainline development source control
branch.

A release containing these fixes is under preparation.

For reference:

The commit IDs of the fixes for each of the vulnerabilities,
respectively, as found in the GitHub libssh2/libssh2.git repository,
are:

- 2dae3024897e1898d389835151f4e9606227721d
- 17626857d20b3c9a1addfa45979dadcee1cd84a4
- 97acf3dfda80c91c3a8c9f2372546301d4a1a7a8

Regards,
James

[1] - https://digital.nhs.uk/cyber-alerts/2026/cc-4799

--
OpenCulinary C.I.C. is a Community Interest Company, number SC647817,
registered in Scotland, United Kingdom and with registered company
address The Melting Pot, 15 Calton Road, Edinburgh, Scotland, EH8 8DL.

Reply via email to