Unrated

Integer Overflow in libssh2 publickey subsystem attribute allocation

IdentifiersCVE-2026-58050CWE-190

CVE-2026-58050 is a memory corruption vulnerability in libssh2 through 1.11.1 in the client-side handling of publickey-subsystem responses. libssh2 reads an attacker-controlled 32-bit attribute count from a server response and uses that value in the allocation expression num_attrs * sizeof(libssh2_publickey_attribute) without adequate bounds checking. On 32-bit platforms, this multiplication can overflow, resulting in an undersized heap allocation. A malicious SSH server can then cause the subsequent attribute-parsing loop to write beyond the allocated buffer, producing a heap buffer overflow in the connecting libssh2 client.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation allows a malicious SSH server to corrupt heap memory in a connecting libssh2 client. The likely outcomes include client crash and denial of service; because the flaw is a heap-based out-of-bounds write, it may also enable more severe consequences such as arbitrary code execution, depending on allocator behavior, memory layout, and exploit reliability on the target platform. The issue is remotely reachable in the client-to-server connection path and primarily affects 32-bit environments.

Mitigation

If you can’t patch tonight, do this now.

Until patched versions are deployed, avoid using affected libssh2-based clients to connect to untrusted or potentially malicious SSH servers, especially on 32-bit systems. Restrict outbound SSH access to trusted hosts, prefer 64-bit deployments where feasible, and monitor affected client applications for crashes or anomalous behavior during SSH publickey-subsystem interactions.

Remediation

Patch, then assume compromise.

Upgrade libssh2 to a fixed release once available from the vendor or downstream package maintainer. The fix should include strict validation of the attacker-controlled attribute count before allocation, safe checked multiplication for allocation size calculations, and defensive bounds checking during attribute parsing. If a vendor patch is available for 1.11.1 or earlier packaged versions, apply it promptly.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

Libssh2Libssh2application

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

8 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

8 SOURCESView more in app

cvefeed high severityNews

Jun 28, 2026

CVE-2026-58050 - libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation

An integer overflow in libssh2's publickey subsystem attribute allocation that can lead to a heap buffer overflow in a connecting client, particularly on 32-bit platforms, when interacting with a malicious SSH server.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity7

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2026-58050

NVD

nvd.nist.gov/vuln/detail/CVE-2026-58050

MITRE CWE · CWE-190

cwe.mitre.org