The Hacker News

PoC Released for Critical libssh2 SSH Client Vulnerability

A public proof-of-concept (PoC) has been released for CVE-2026-55200, a critical vulnerability in the libssh2 client-side SSH library. The flaw allows a malicious or compromised SSH server to trigger memory corruption on a connecting client, with the potential for arbitrary code execution. Exploitation requires no user interaction and no valid credentials.

The vulnerability affects all releases of libssh2 up to and including version 1.11.1. It has been assigned a CVSS 4.0 score of 9.2, indicating a critical severity level. libssh2 is a widely used library that facilitates SSH connections from client applications, meaning the vulnerability impacts the client's security when connecting to potentially untrusted servers.

This PoC's release means that security researchers and developers can now more easily test and verify the existence and impact of CVE-2026-55200. The availability of a PoC often accelerates the development of patches and mitigates the risk of exploitation by malicious actors. Organizations relying on libssh2 for their SSH client implementations are advised to monitor for updates and security advisories from the libssh2 project and their respective software vendors.
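To find which systems fall in the affected range, the following added example (not from the article or the libssh2 project) inventories libssh2 copies on disk, including statically linked ones, by searching files for the default client banner that libssh2.h builds as `SSH-2.0-libssh2_` followed by the version. It assumes the banner was not overridden at build time, and a version match alone cannot tell whether a vendor has backported a fix; the function names are illustrative.

```python
"""Added example: inventory libssh2 copies by their embedded SSH banner."""
import re
import sys
from pathlib import Path

# Highest affected release, as stated on this page.
LAST_AFFECTED = (1, 11, 1)

# libssh2.h builds its default client banner as "SSH-2.0-libssh2_" + version,
# so the string is present in shared objects and in statically linked binaries.
BANNER_RE = re.compile(rb"SSH-2\.0-libssh2_(\d+)\.(\d+)\.(\d+)")


def versions_in_blob(data: bytes) -> set:
    """Return every libssh2 version tuple whose banner appears in data."""
    return {tuple(int(p) for p in m.groups()) for m in BANNER_RE.finditer(data)}


def is_affected(version: tuple) -> bool:
    """True when version falls in the page's range (<= 1.11.1)."""
    return version <= LAST_AFFECTED


def scan_tree(root: str, max_bytes: int = 256 * 1024 * 1024) -> list:
    """Walk root and return sorted (path, version, affected) findings."""
    findings = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_symlink() or not path.is_file():
                continue
            if path.stat().st_size > max_bytes:
                continue  # skip very large files; raise the limit if needed
            data = path.read_bytes()
        except OSError:
            continue  # unreadable file: permissions, races, special files
        for version in sorted(versions_in_blob(data)):
            findings.append((str(path), version, is_affected(version)))
    return sorted(findings)


if __name__ == "__main__":
    for path, version, affected in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        label = "AFFECTED RANGE" if affected else "newer than 1.11.1"
        print(f"{path}: libssh2 {'.'.join(map(str, version))} [{label}]")
```

Run it against application install directories and container image roots as well as the system library paths, since bundled copies are the ones package managers do not report.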
