All 13 CVE vulnerabilities found in libssh2, with AI-generated Chinese analysis, references, and POCs.
This page aggregates known security vulnerabilities for the libssh2 library, focusing on common weakness types such as buffer overflows and authentication bypasses. It compiles data from various vulnerability databases and vendor advisories, covering the entire lifecycle of the open-source SSH2 protocol library since its initial public release. Users can track historical security advisories from the libssh2 maintainers, understand the prevalence and impact of specific weakness classes within this codebase, and review the chronological history of disclosed flaws to assess risk. The aggregation aims to provide a consolidated view of the security posture of libssh2, helping developers, security engineers, and auditors identify patterns in reported issues, verify patch availability, and compare findings across different reporting sources. By centralizing these records, the page facilitates deeper analysis of recurring security defects, aiding in informed decision-making regarding library upgrades and mitigation strategies. This resource serves as a reference point for understanding how vulnerabilities have been identified and resolved over time, offering insight into the stability and maintenance practices associated with this widely used network library. All information is derived from publicly available security reports and does not include internal or unreleased data.
Vendor: The libssh2 Project
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15661 | libssh2 - Heap Buffer Over-read via sftp_symlink() in sftp.c CWE-125 | 6.5 | Medium | 2026-06-18 |
| CVE-2026-55200 | libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c CWE-680 | 8.1 | High | 2026-06-17 |
| CVE-2026-55199 | libssh2 - Pre-Authentication DoS via SSH_MSG_EXT_INFO Handler CWE-835 | 5.9 | Medium | 2026-06-17 |
| CVE-2026-7598 | libssh2 userauth.c userauth_password integer overflow CWE-190 | 7.3 | High | 2026-05-01 |
| CVE-2019-3856 | libssh2 输入验证错误漏洞 CWE-190 | 8.8 | - | 2019-03-25 |
| CVE-2019-3857 | libssh2 输入验证错误漏洞 CWE-190 | 8.8 | - | 2019-03-25 |
| CVE-2019-3860 | libssh2 缓冲区错误漏洞 CWE-125 | 9.1 | - | 2019-03-25 |
| CVE-2019-3861 | libssh2 缓冲区错误漏洞 CWE-125 | 9.1 | - | 2019-03-25 |
| CVE-2019-3863 | libssh2 缓冲区错误漏洞 CWE-190 | 8.8 | - | 2019-03-25 |
| CVE-2019-3858 | libssh2 缓冲区错误漏洞 CWE-125 | 9.1 | - | 2019-03-21 |
| CVE-2019-3855 | libssh2 输入验证错误漏洞 CWE-190 | 8.8 | - | 2019-03-21 |
| CVE-2019-3862 | libssh2 缓冲区错误漏洞 CWE-130 | 9.1 | - | 2019-03-20 |
| CVE-2019-3859 | libssh2 缓冲区错误漏洞 CWE-125 | 9.1 | - | 2019-03-20 |
All 13 known CVE vulnerabilities affecting libssh2 with full Chinese analysis, references, and POCs where available.