Cyber Resilience

CVE-2026-7598

Severity: Medium (record updated)

Published: 01 May 2026
Modified: 30 June 2026
KEV Added: not listed
Remediation: Patch
CVSS v4.0 base score: 6.9 (Medium)
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0047 (37.0th percentile)
Risk priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-7598 is a medium-severity Integer Overflow or Wraparound (CWE-190) vulnerability in libssh2 (vendor: libssh2). Its CVSS v4.0 base score is 6.9 (Medium).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 37.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-7598 is an integer overflow in libssh2 versions up to and including 1.11.1. The issue resides in the userauth_password function in src/userauth.c, where the username_len and password_len arguments feed the length arithmetic used to build the password authentication request; sufficiently large values wrap that computation. The flaw is classed under CWE-189 (Numeric Errors) and CWE-190 (Integer Overflow or Wraparound). Its CVSS v3.1 base score is 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), which falls in the High band, whereas the CVSS v4.0 score of 6.9 quoted above falls in the Medium band; the two scoring systems draw their severity boundaries differently, so the discrepancy is not an error in either vector.

The vectors rate the flaw as exploitable over the network without authentication or user interaction: inputs that push username_len or password_len past the wrap point during a password authentication attempt cause the overflow, with limited impact on confidentiality, integrity and availability (partial data exposure, modification, or denial of service in applications that link libssh2). One caveat matters for triage: libssh2 is an SSH client library, and username_len and password_len are the lengths a calling application passes to libssh2_userauth_password_ex(). The network attack vector therefore presumes a deployment in which untrusted input reaches those parameters, for example a service that authenticates to backend hosts with credentials supplied by remote users. An application that only ever passes its own configured credentials is exposed to the bug but not to a remote trigger.
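The arithmetic at issue, shown as an added example that is not libssh2's code and not a reproduction of the patched expression: two caller-supplied 32-bit lengths plus a fixed per-packet overhead, first summed unchecked in the width of the API parameters so the result wraps, then with the bounds check that prevents it. The 40-byte overhead and the 35000-byte ceiling are assumptions of this example, modelled on the password-method packet layout and the RFC 4253 minimum packet size rather than taken from the advisory.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Fixed overhead of an SSH_MSG_USERAUTH_REQUEST for the "password" method:
   packet type (1) + three string length prefixes (12) + "ssh-connection" (14)
   + "password" (8) + change-password flag (1) + password length prefix (4).
   The 40-byte figure is an assumption of this example, not a value the
   advisory states. */
#define USERAUTH_PASSWORD_OVERHEAD 40u

/* Ceiling for the packet we are willing to build. RFC 4253 section 6.1
   requires peers to accept packets of at least 35000 bytes; using that as the
   upper bound is a design choice of this example. */
#define MAX_USERAUTH_PACKET 35000u

/* Vulnerable shape (illustrative; not libssh2's code). The API exposes the
   lengths as unsigned int, so summing them in that width wraps modulo 2^32,
   and a buffer allocated from the result is far smaller than the bytes the
   caller then expects to be copied into it. */
unsigned int unsafe_packet_len(unsigned int username_len,
                               unsigned int password_len)
{
    return username_len + password_len + USERAUTH_PASSWORD_OVERHEAD;
}

/* True when the unchecked computation has wrapped: the allocation would not
   even hold the username on its own. */
bool unsafe_alloc_is_short(unsigned int username_len, unsigned int password_len)
{
    return unsafe_packet_len(username_len, password_len) < username_len;
}

/* Hardened shape: each addend is checked against the remaining budget before
   it is added, so no intermediate sum can wrap whatever the width of size_t,
   and the total is capped at an explicit maximum. */
bool safe_packet_len(unsigned int username_len, unsigned int password_len,
                     size_t max_packet, size_t *out)
{
    size_t budget;
    if (max_packet < USERAUTH_PASSWORD_OVERHEAD)
        return false;
    budget = max_packet - USERAUTH_PASSWORD_OVERHEAD;
    if (username_len > budget)
        return false;
    budget -= username_len;
    if (password_len > budget)
        return false;
    *out = (size_t)username_len + password_len + USERAUTH_PASSWORD_OVERHEAD;
    return true;
}

/* The checked length under MAX_USERAUTH_PACKET, or 0 when the pair is rejected. */
size_t checked_packet_len(unsigned int username_len, unsigned int password_len)
{
    size_t n;
    return safe_packet_len(username_len, password_len, MAX_USERAUTH_PACKET, &n)
           ? n : 0;
}

int main(void)
{
    /* Constructed inputs: a normal pair, and a pair chosen so that
       username_len + password_len crosses 2^32. */
    unsigned int ok_u = 8, ok_p = 12;
    unsigned int bad_u = 0xFFFFFFF0u, bad_p = 0x20u;

    printf("normal: unchecked=%u checked=%zu\n",
           unsafe_packet_len(ok_u, ok_p), checked_packet_len(ok_u, ok_p));
    printf("wrapping: unchecked=%u (short=%d) checked=%zu (0 = rejected)\n",
           unsafe_packet_len(bad_u, bad_p),
           (int)unsafe_alloc_is_short(bad_u, bad_p),
           checked_packet_len(bad_u, bad_p));
    return 0;
}
```

The wrapping pair yields an unchecked length of 56 bytes for a username the caller claims is about 4 GiB long, which is exactly the undersized-allocation condition CWE-190 leads to; the checked variant rejects it, and also rejects pairs that do not wrap but exceed the ceiling. Capping the inputs against a budget before adding them is the portable form of the check; on GCC and Clang, __builtin_add_overflow() achieves the same with less bookkeeping.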

Mitigation requires applying the patch in commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1, available from the libssh2 GitHub repository and pull request #1858, or upgrading to a libssh2 release later than 1.11.1 that contains it. Because the vulnerable lengths are parameters to libssh2's own API, practitioners should also review applications that link libssh2 for password-authentication paths where username or password lengths derive from untrusted input, and bound those values before the call until the library is updated. Additional details are in VulDB submission 805564 and vulnerability entry 360555.


Vulnerability details

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

CWE(s)

CWE-190 Integer Overflow or Wraparound
CWE-189 Numeric Errors

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote, unauthenticated network exploitation of an integer overflow in libssh2's authentication function maps directly to exploiting a public-facing application, provided the application that embeds libssh2 is itself reachable from the network and passes untrusted lengths into it.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-30404 (shared CWE-190)
CVE-2025-27918 (shared CWE-190)
CVE-2024-11347 (shared CWE-190)
CVE-2024-40765 (shared CWE-190)
CVE-2026-41416 (shared CWE-190)
CVE-2026-5121 (shared CWE-190)
CVE-2024-55656 (shared CWE-190)
CVE-2025-14087 (shared CWE-190)
CVE-2025-0838 (shared CWE-190)
CVE-2025-14308 (shared CWE-190)

Affected Assets

libssh2 (vendor: libssh2), versions ≤ 1.11.1

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

SI-2 Flaw Remediation (prevent)
Mandates timely remediation of the integer overflow in libssh2's userauth_password function, here by applying the specified commit or upgrading to a release that contains it.

SI-10 Information Input Validation (prevent)
Requires validation of the username_len and password_len inputs, both inside libssh2 and in the applications that pass them, to block manipulation that triggers the integer overflow during SSH authentication.

Memory protection (prevent)
Memory protections such as ASLR and DEP make it harder to turn the overflow into code execution; they limit the consequences of an undersized allocation but do not remove the flaw, so they complement rather than replace the patch.
