Vulnerability Description
A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libssh | Libssh | <= 0.11.3 |
| Redhat | Enterprise Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2026:18160
- https://access.redhat.com/errata/RHSA-2026:18683
- https://access.redhat.com/security/cve/CVE-2026-0965Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2436980Third Party Advisory
FAQ
What is CVE-2026-0965?
CVE-2026-0965 is a vulnerability with a CVSS score of 3.3 (LOW). A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system i...
How severe is CVE-2026-0965?
CVE-2026-0965 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-0965?
Check the references section above for vendor advisories and patch information. Affected products include: Libssh Libssh, Redhat Enterprise Linux.