CVE-2026-0965

| EUVD-2026-16328 LOW
2026-03-26 redhat
3.3
CVSS 3.0

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 26, 2026 - 20:31 euvd
EUVD-2026-16328
Analysis Generated
Mar 26, 2026 - 20:31 vuln.today
CVE Published
Mar 26, 2026 - 20:06 nvd
LOW 3.3

Tags

Denial Of Service

Description

A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.

Analysis

libssh attempts to open arbitrary files during configuration parsing, allowing local attackers with limited privileges to trigger a denial of service by forcing access to dangerous files such as block devices or large system files. The vulnerability affects Red Hat Enterprise Linux versions 6, 7, 8, 9, and 10, as well as Red Hat OpenShift Container Platform 4, and requires local access with low privileges to exploit. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

17
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +16
POC: 0

Vendor Status

Ubuntu

Priority: Low
libssh
Release Status Version
upstream released 0.11.4
questing released 0.11.2-1ubuntu0.2
jammy released 0.9.6-2ubuntu0.22.04.6
noble released 0.10.6-2ubuntu0.3
bionic released 0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6
focal released 0.9.3-2ubuntu2.5+esm3
xenial released 0.6.3-4.3ubuntu0.6+esm4
USN-8051-1 USN-8051-2

Debian

Bug #1127693
libssh
Release Status Fixed Version Urgency
bullseye vulnerable 0.9.8-0+deb11u1 -
bullseye (security) vulnerable 0.9.8-0+deb11u2 -
bookworm vulnerable 0.10.6-0+deb12u2 -
bookworm (security) vulnerable 0.10.6-0+deb12u1 -
trixie vulnerable 0.11.2-1+deb13u1 -
forky vulnerable 0.11.3-1 -
sid fixed 0.12.0-3 -
(unstable) fixed 0.12.0-1 -

Share

CVE-2026-0965 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy