Cyber Posture

CVE-2026-7598

Severity: High
Published: 01 May 2026
Modified: 07 May 2026
KEV Added: not listed
Patch: available
CVSS Score: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0007 (21.1th percentile)
Risk Priority: 15 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-7598 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in libssh2. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); EPSS ranks it at the 21.1th percentile by exploit likelihood (below the median); and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-2 Flaw Remediation (prevent): Directly mandates timely patching of the integer overflow flaw in libssh2's userauth_password function via the specified commit.

SI-10 Information Input Validation (prevent): Requires validation of the username_len and password_len inputs to block malicious manipulation that triggers the integer overflow during SSH authentication.

Memory protection (prevent): Implements memory protections such as ASLR and DEP to mitigate exploitation of the integer overflow for unauthorized access or denial of service.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Remote unauthenticated network exploitation of integer overflow in libssh2 auth function directly maps to exploiting a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.

Deeper analysis

CVE-2026-7598 is an integer overflow vulnerability in libssh2 versions up to and including 1.11.1. The issue resides in the userauth_password function within the src/userauth.c file, where manipulation of the username_len or password_len arguments can trigger the overflow. This flaw, associated with CWE-189 (Numeric Errors) and CWE-190 (Integer Overflow or Wraparound), carries a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), rated as High severity.

Remote attackers can exploit this vulnerability over the network without authentication or user interaction. By crafting malicious inputs for username_len or password_len during SSH authentication attempts, an attacker could cause the integer overflow, potentially leading to limited impacts on confidentiality, integrity, and availability, such as partial data exposure, modification, or denial of service in affected libssh2-dependent applications.

Mitigation requires applying the patch from commit 256d04b60d80bf1190e96b0ad1e91b2174d744b1, available via the libssh2 GitHub repository and pull request #1858. Security practitioners should upgrade to a patched version of libssh2 beyond 1.11.1 and review integrated applications for exposure during password-based authentication flows. Additional details are documented on VulDB entries for submission 805564 and vulnerability 360555.
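The arithmetic pattern behind a CWE-190 length wraparound, shown as an added illustration that is not libssh2's code and does not reproduce the patched function: a caller-controlled username_len and password_len are summed with fixed framing to size a buffer, and unsigned wraparound lets an absurd length pass the size check. FIXED_OVERHEAD, MAX_PACKET and the two function names are hypothetical values chosen for the demo; the checked variant is the SI-10 style validation a defender would want.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed illustration of a CWE-190 length wraparound, not libssh2's code.
 * FIXED_OVERHEAD and MAX_PACKET are hypothetical values chosen for the demo. */
#define FIXED_OVERHEAD 32u     /* bytes of fixed framing added to every packet */
#define MAX_PACKET     35000u  /* upper bound the caller is willing to allocate */

/* Unchecked: sums caller-controlled lengths with the fixed overhead.
 * Unsigned addition in C wraps modulo 2^32, so a huge username_len can
 * produce a small total that passes the size check even though the caller
 * would later copy username_len bytes into a buffer of that small size.
 * Returns the computed length, or -1 if the size check rejects it. */
static int64_t packet_len_unchecked(uint32_t username_len, uint32_t password_len)
{
    uint32_t total = FIXED_OVERHEAD + username_len + password_len; /* may wrap */
    if (total > MAX_PACKET)
        return -1;
    return (int64_t)total;
}

/* Hardened: test each addition for wraparound before performing it, then
 * apply the same upper bound. Any overflow is reported as a rejection. */
static int64_t packet_len_checked(uint32_t username_len, uint32_t password_len)
{
    if (username_len > UINT32_MAX - password_len)
        return -1;                               /* name + password would wrap */
    uint32_t body = username_len + password_len;
    if (body > UINT32_MAX - FIXED_OVERHEAD)
        return -1;                               /* adding framing would wrap */
    uint32_t total = body + FIXED_OVERHEAD;
    if (total > MAX_PACKET)
        return -1;                               /* legitimately too large */
    return (int64_t)total;
}

int main(void)
{
    /* Normal credentials: both versions agree on 52 bytes. */
    printf("normal:  unchecked=%lld checked=%lld\n",
           (long long)packet_len_unchecked(8u, 12u),
           (long long)packet_len_checked(8u, 12u));
    /* Constructed wraparound: username_len near UINT32_MAX. The unchecked
     * version accepts a 48-byte total; the checked version rejects it. */
    printf("wrapped: unchecked=%lld checked=%lld\n",
           (long long)packet_len_unchecked(0xFFFFFFF0u, 0x20u),
           (long long)packet_len_checked(0xFFFFFFF0u, 0x20u));
    return 0;
}
```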

Details

CWE(s): CWE-189 (Numeric Errors), CWE-190 (Integer Overflow or Wraparound)

Affected Products: libssh2 / libssh2, versions ≤ 1.11.1

CVEs Like This One

CVE-2025-53518 (shared CWE-190)
CVE-2026-41416 (shared CWE-190)
CVE-2024-55656 (shared CWE-190)
CVE-2025-14308 (shared CWE-190)
CVE-2026-5121 (shared CWE-190)
CVE-2025-27918 (shared CWE-190)
CVE-2025-0838 (shared CWE-190)
CVE-2025-30404 (shared CWE-190)
CVE-2026-25208 (shared CWE-190)
CVE-2026-24830 (shared CWE-190)
