CVE-2026-7598 libssh2 userauth.c userauth_password integer overflow

🗓️ 01 May 2026 21:30:11Reported by VulDBType

CVE-2026-7598 in libssh2 userauth_password causes remote integer overflow; patch available.

Reporter	Title	Published	Views	Family All 58
IBM Security Bulletins	Security Bulletin: Unrestricted upload of file with dangerous type, improper certificate validation, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	24 Jun 202616:05	–	ibm
ATTACKERKB	CVE-2026-7598	1 May 202621:30	–	attackerkb
Tenable Nessus	Amazon Linux 2023 : libssh2, libssh2-devel (ALAS2023-2026-1779)	8 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : cargo-c (ALAS2023-2026-1872)	22 Jun 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libssh2, --advisory ALAS2-2026-3329 (ALAS-2026-3329)	8 Jun 202600:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-7598)	6 May 202600:00	–	nessus
Tenable Nessus	Fedora 43 : libssh2 (2026-1b9134cdc9)	7 Jun 202600:00	–	nessus
Tenable Nessus	Fedora 44 : libssh2 (2026-f87ac8187c)	30 May 202600:00	–	nessus
Tenable Nessus	Photon OS 5.0: Libssh2 PHSA-2026-5.0-0857	17 Jun 202600:00	–	nessus
Tenable Nessus	Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : libssh2 vulnerability (USN-8309-1)	27 May 202600:00	–	nessus

[
  {
    "vendor": "n/a",
    "product": "libssh2",
    "versions": [
      {
        "version": "1.11.0",
        "status": "affected"
      },
      {
        "version": "1.11.1",
        "status": "affected"
      }
    ],
    "cpes": [
      "cpe:2.3:a:libssh2:libssh2:*:*:*:*:*:*:*:*"
    ]
  }
]

Source	Link
github	www.github.com/libssh2/libssh2/
vuldb	www.vuldb.com/vuln/360555/cti
github	www.github.com/libssh2/libssh2/pull/1858
vuldb	www.vuldb.com/vuln/360555
github	www.github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1
vuldb	www.vuldb.com/submit/805564

01 May 2026 21:30Current

CVSS 46.9

CVSS 3.17.3

CVSS 37.3

CVSS 27.5

EPSS0.00355