CVE-2026-10650— warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption
Possible ATT&CK Techniques 1AI
T1190 · Exploit Public-Facing ApplicationGet alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-10650
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
warmcat libwebsockets SSH Protocol sshd.c lws_ssh_parse_plaintext resource consumption
Source: NVD (National Vulnerability Database)
Vulnerability Description
A flaw has been found in warmcat libwebsockets up to 4.5.8. This issue affects the function lws_ssh_parse_plaintext of the file plugins/protocol_lws_ssh_base/sshd.c of the component SSH Protocol Handler. Executing a manipulation of the argument msg_len can lead to resource consumption. The attack may be launched remotely. The exploit has been published and may be used. This patch is called 3f9f0c6ecaf0e6f3f219d30632c5d1f2479d7498. A patch should be applied to remediate this issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Source: NVD (National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| warmcat | libwebsockets | 4.5.0 | cpe:2.3:a:warmcat:libwebsockets:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2026-10650
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-10650
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-10650 (1)
Proof of Concept for CVE-2026-10650 (2)
IV. Related Vulnerabilities
Same vendor: warmcat
- CVE-2025-11680
Out-of-bounds Write in libwebsockets PNG parsing - CVE-2025-11679
Out-of-bounds Read in libwebsockets PNG parsing - CVE-2025-11678
Stack-based Buffer Overflow in libwebsockets DNS response pa - CVE-2025-11677
Use After Free in libwebsockets WebSocket server - CVE-2025-1866
Undefined Behavior Due to Out-of-Bounds Pointer Arithmetic i
Same weakness: CWE-400
- CVE-2024-14036
Dräger Core 1.0.5 Denial of Service via Malformed SDC Messag - CVE-2019-25724
Dräger Infinity M300 VG2.x Network-Based Denial of Service - CVE-2026-42342
React Router vulnerable to DoS via unbounded path expansion - CVE-2019-25721
Dräger Infinity M300 VG2.3.1 Network-Based Denial of Service - CVE-2026-45680
OpenTelemetry eBPF Instrumentation: Unbounded BPF internal m
V. Comments for CVE-2026-10650
No comments yet