libssh Denial of Service via Arbitrary File Access during Config Parsing
CVE-2026-0965 Published on March 26, 2026
Libssh: libssh: denial of service via improper configuration file handling
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file, or the condition can arise when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try to access dangerous files, such as block devices or large system files, which can disrupt normal operations.
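A defensive pattern for this class of flaw, shown as an added example (it is not libssh's code or its fix): open the path without blocking, then check on the descriptor that it is a regular file under a size cap before any parsing. The helper name `open_config_checked`, the sample paths and the size cap are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not a libssh function): open `path` for config
 * parsing only if it is a regular file of at most `max_bytes` bytes.
 * Returns a readable descriptor, or -1 if the path is rejected. */
int open_config_checked(const char *path, off_t max_bytes)
{
    struct stat st;

    /* O_NONBLOCK: open() must not hang on a FIFO or a device node.
     * O_NOCTTY: never acquire a terminal as controlling tty. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0)
        return -1;

    /* fstat() the descriptor rather than stat() the path, so the check
     * applies to the object that was actually opened. */
    if (fstat(fd, &st) != 0 ||
        !S_ISREG(st.st_mode) ||      /* block/char devices, dirs, FIFOs */
        st.st_size > max_bytes) {    /* oversized files */
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    /* Constructed sample paths; the 1 MiB cap is an assumed value. */
    const char *paths[] = { "/dev/zero", "/", "/etc/hostname" };
    for (size_t i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
        int fd = open_config_checked(paths[i], 1024 * 1024);
        printf("%-14s %s\n", paths[i], fd >= 0 ? "accepted" : "rejected");
        if (fd >= 0)
            close(fd);
    }
    return 0;
}
```

The size check bounds only what `fstat()` reports at open time, so a parser using this pattern should still cap the number of bytes it reads.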
Timeline
Reported to Red Hat.
Made public. 6 days later.
Weakness Type
External Control of File Name or Path
The software allows user input to control or influence paths or file names that are used in filesystem operations.
Products Associated with CVE-2026-0965
Affected Versions
Red Hat Enterprise Linux 10:
Red Hat Enterprise Linux 6:
Red Hat Enterprise Linux 7:
Red Hat Enterprise Linux 8:
Red Hat Enterprise Linux 9:
Red Hat Hardened Images:
Red Hat OpenShift Container Platform 4:
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.