libssh Denial of Service via Arbitrary File Access during Config Parsing
CVE-2026-0965 Published on March 26, 2026

Libssh: libssh: denial of service via improper configuration file handling
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.

NVD

Timeline

Reported to Red Hat.

Made public. 6 days later.

Weakness Type

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.


Products Associated with CVE-2026-0965

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2026-0965 are published in these products:

Canonical Ubuntu Linux
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Openshift
 

Affected Versions

Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 6: Red Hat Enterprise Linux 7: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat OpenShift Container Platform 4: