CVE-2026-0966

Publication date 13 February 2026

Last updated 18 February 2026

Ubuntu priority

Why this priority?

Description

[Buffer underflow in ssh_get_hexa() on invalid input]

Why is this CVE low priority?

Low severity DoS issue

Learn more about Ubuntu priority

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libssh	25.10 questing	Fixed 0.11.2-1ubuntu0.2
	24.04 LTS noble	Fixed 0.10.6-2ubuntu0.3
	22.04 LTS jammy	Fixed 0.9.6-2ubuntu0.22.04.6
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libssh	Upstream: ?id=6ba Upstream: ?id=3e1 Upstream: ?id=b15

References

Related Ubuntu Security Notices (USN)

USN-8051-1
libssh vulnerabilities
18 February 2026

Other references