{"id":"CVE-2026-55199","summary":"libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler","details":"libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSH_MSG_EXT_INFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can set nr_extensions to 0xFFFFFFFF during key exchange, causing the client to spin in a tight CPU loop for over 60 seconds because return values from _libssh2_get_string() are unchecked and the session timeout does not apply to CPU-bound loops.","modified":"2026-07-17T09:44:29.733710599Z","published":"2026-06-17T18:44:18.048Z","related":["CGA-32qh-2fmp-5rmv","SUSE-SU-2026:22284-1","SUSE-SU-2026:22364-1","SUSE-SU-2026:22438-1","SUSE-SU-2026:3074-1","SUSE-SU-2026:3076-1","SUSE-SU-2026:3082-1","openSUSE-SU-2026:11109-1","openSUSE-SU-2026:21057-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55199.json","cna_assigner":"VulnCheck","cwe_ids":["CWE-835"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/55xxx/CVE-2026-55199.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-55199"},{"type":"ADVISORY","url":"https://www.vulncheck.com/advisories/libssh2-pre-authentication-dos-via-ssh-msg-ext-info-handler"},{"type":"REPORT","url":"https://github.com/libssh2/libssh2/pull/1864"},{"type":"FIX","url":"https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4"},{"type":"PACKAGE","url":"https://github.com/libssh2/libssh2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libssh2/libssh2","events":[{"introduced":"0"},{"fixed":"17626857d20b3c9a1addfa45979dadcee1cd84a4"}],"database_specific":{"cpe":"cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"1.11.1"}],"source":["CPE_RANGE","REFERENCES"]}}],"versions":["libssh2-1.11.1","libssh2-1.11.0","libssh2-1.10.0","libssh2-1.9.0","libssh2-1.8.0","libssh2-1.7.0","libssh2-1.6.0","libssh2-1.5.0","libssh2-1.4.3","libssh2-1.4.2","libssh2-1.4.1","libssh2-1.4.0","libssh2-1.3.0","libssh2-1.2.9","libssh2-1.2.8","libssh2-1.2.7","libssh2-1.2.6","libssh2-1.2.5","libssh2-1.2.4","libssh2-1.2.3","libssh2-1.2.1","libssh2-1.2","RELEASE.1.1","RELEASE.1.0","RELEASE.0.18","RELEASE.0.17","RELEASE.0.16","RELEASE.0.15","beforenb2-0.14","beforenb-0.14","RELEASE.0.14","RELEASE.0.13","RELEASE.0.12","RELEASE.0.11","RELEASE.0.10","RELEASE.0.8","RELEASE.0.7","RELEASE.0.6","RELEASE.0.5","RELEASE.0.3","RELEASE.0.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-55199.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}]}