1. Ubuntu Security Notices
  2. USN-8051-1

USN-8051-1: libssh vulnerabilities

Publication date

18 February 2026

Overview

Several security issues were fixed in libssh.

Releases

Packages

  • libssh - A tiny C SSH library

Details

It was discovered that libssh clients incorrectly handled the key exchange
process. A remote attacker could possibly use this issue to cause libssh
clients to crash, resulting in a denial of service. (CVE-2025-8277)

It was discovered that the libssh SCP client incorrectly sanitized paths
received from servers. A remote attacker could use this issue to cause
libssh SCP clients to overwrite files outside of the working directory and
possibly execute arbitrary code. (CVE-2026-0964)

It was discovered that libssh incorrectly handled parsing configuration
files. A local attacker could possibly use this issue to cause libssh to
access non-regular files, resulting in a denial of service. (CVE-2026-0965)

It was discovered that libssh incorrectly handled the ssh_get_hexa()
function. A remote attacker could possibly use this...

It was discovered that libssh clients incorrectly handled the key exchange
process. A remote attacker could possibly use this issue to cause libssh
clients to crash, resulting in a denial of service. (CVE-2025-8277)

It was discovered that the libssh SCP client incorrectly sanitized paths
received from servers. A remote attacker could use this issue to cause
libssh SCP clients to overwrite files outside of the working directory and
possibly execute arbitrary code. (CVE-2026-0964)

It was discovered that libssh incorrectly handled parsing configuration
files. A local attacker could possibly use this issue to cause libssh to
access non-regular files, resulting in a denial of service. (CVE-2026-0965)

It was discovered that libssh incorrectly handled the ssh_get_hexa()
function. A remote attacker could possibly use this issue to cause libssh
to crash, resulting in a denial of service. (CVE-2026-0966)

It was discovered that libssh incorrectly handled certain regular
expressions. A local attacker could possibly use this issue to cause libssh
to consume resources, resulting in a denial of service. (CVE-2026-0967)

It was discovered that the libssh SFTP client incorrectly handled certain
malformed longname fields. A remote attacker could use this issue to cause
libssh SFTP clients to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-0968)

Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
25.10 questing libssh-4 –  0.11.2-1ubuntu0.2
24.04 LTS noble libssh-4 –  0.10.6-2ubuntu0.3
22.04 LTS jammy libssh-4 –  0.9.6-2ubuntu0.22.04.6

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›