What is the CVSS score of CVE-2026-0966?

CVE-2026-0966 has a CVSS 3.1 base score of 8.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H. EPSS exploitation probability: 0.1%.

Which versions of libssh are affected by CVE-2026-0966?

libssh versions 0.11.x and earlier contain an unauthenticated remote denial-of-service vulnerability (CVE-2026-0966) that allows attackers to crash SSH server processes by sending malformed GSSAPI…. A patch is available.

libssh CVE-2026-0966

EUVD-2026-16330 HIGH

Buffer Underwrite ('Buffer Underflow') (CWE-124)

2026-03-26 redhat

GHSA-wcqf-w94x-4wg2

Information Disclosure

8.2

CVSS 3.1

Temporal: 6.5

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Updated

Apr 30, 2026 - 16:42 vuln.today

v2 (cvss_changed)

Re-analysis Queued

Apr 30, 2026 - 16:37 vuln.today

cvss_changed

Severity Changed

Apr 30, 2026 - 16:37 NVD

MEDIUM HIGH

CVSS changed

Apr 30, 2026 - 16:37 NVD

6.5 (MEDIUM) 8.2 (HIGH)

Patch released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 26, 2026 - 20:31 euvd

EUVD-2026-16330

Analysis Generated

Mar 26, 2026 - 20:31 vuln.today

CVE Published

Mar 26, 2026 - 20:06 nvd

MEDIUM 6.5

DescriptionNVD

The API function ssh_get_hexa() is vulnerable, when 0-lenght input is provided to this function. This function is used internally in ssh_get_fingerprint_hash() and ssh_print_hexa() (deprecated), which is vulnerable to the same input (length is provided by the calling application).

The function is also used internally in the gssapi code for logging the OIDs received by the server during GSSAPI authentication. This could be triggered remotely, when the server allows GSSAPI authentication and logging verbosity is set at least to SSH_LOG_PACKET (3). This could cause self-DoS of the per-connection daemon process.

AnalysisAI

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon processes via malformed GSSAPI authentication OID payloads. The vulnerability affects the ssh_get_hexa() API function when processing zero-length input, exploitable remotely when GSSAPI authentication is enabled and logging verbosity is set to SSH_LOG_PATCH (level 3) or higher. …

RemediationAI

Within 24 hours: Inventory all systems running libssh 0.11.x or earlier, prioritizing production SSH servers. Within 7 days: Deploy vendor patches (libssh 0.11.4 or 0.12.0) to all affected systems via your standard change control process. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Vendor StatusVendor

Ubuntu

Priority: Low

libssh

Release	Status	Version
upstream	released	0.11.4
jammy	released	0.9.6-2ubuntu0.22.04.6
noble	released	0.10.6-2ubuntu0.3
questing	released	0.11.2-1ubuntu0.2
bionic	released	0.8.0~20170825.94fa1e38-1ubuntu0.7+esm6
focal	released	0.9.3-2ubuntu2.5+esm3
xenial	released	0.6.3-4.3ubuntu0.6+esm4

USN-8051-1 USN-8051-2

Debian

Bug #1127693

libssh

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	0.9.8-0+deb11u1	-
bullseye (security)	vulnerable	0.9.8-0+deb11u2	-
bookworm	vulnerable	0.10.6-0+deb12u2	-
bookworm (security)	vulnerable	0.10.6-0+deb12u1	-
trixie	vulnerable	0.11.2-1+deb13u1	-
forky	vulnerable	0.11.3-1	-
sid	fixed	0.12.0-3	-
(unstable)	fixed	0.12.0-1	-

CVE-2026-0966 vulnerability details – vuln.today

Back

libssh CVE-2026-0966

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code