{
  "threat_severity" : "Important",
  "public_date" : "2026-05-01T21:30:11Z",
  "bugzilla" : {
    "description" : "libssh2: integer overflow via large username or password arguments",
    "id" : "2464597",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2464597"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-190",
  "details" : [ "A flaw was found in the libssh2 library. A remote attacker can exploit an integer overflow vulnerability in the `userauth_password` function by manipulating the `username_len` or `password_len` arguments and cause a heap-based buffer overflow. This crashes the application linked to the library and potentially allows arbitrary code execution." ],
  "statement" : "To exploit this flaw, an attacker needs to be able to supply an excessively large value to the arguments of the `userauth_password` function, typically to an application processing untrusted SSH authentication requests. The primary security impact of this issue is a crash of the application linked to the library due to memory corruption, potentially allowing arbitrary code execution.\nDefault Red Hat Enterprise Linux security features, including SELinux enforcement, Address Space Layout Randomization (ASLR) and NX (No-Execute) stack protection, significantly increase the difficulty of achieving arbitrary code execution, limiting the impact of this vulnerability.\nFor these reasons, this vulnerability has been rated with an important severity.",
  "affected_release" : [ {
    "product_name" : "Red Hat Hardened Images",
    "release_date" : "2026-04-08T00:00:00Z",
    "advisory" : "RHSA-2026:7021",
    "cpe" : "cpe:/a:redhat:hummingbird:1",
    "package" : "libssh2-main-1.11.1-5.1.hum1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "libssh2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Affected",
    "package_name" : "libssh2",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Hardened Images",
    "fix_state" : "Affected",
    "package_name" : "rust",
    "cpe" : "cpe:/a:redhat:hummingbird:1"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "conmon-rs",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Update Service",
    "fix_state" : "Affected",
    "package_name" : "openshift-update-service/openshift-update-service-rhel8",
    "cpe" : "cpe:/a:redhat:openshift_update_service:5"
  }, {
    "product_name" : "Red Hat Trusted Profile Analyzer",
    "fix_state" : "Affected",
    "package_name" : "rhtpa/rhtpa-trustification-service-rhel9",
    "cpe" : "cpe:/a:redhat:trusted_profile_analyzer:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-7598\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-7598\nhttps://github.com/libssh2/libssh2/\nhttps://github.com/libssh2/libssh2/commit/256d04b60d80bf1190e96b0ad1e91b2174d744b1\nhttps://github.com/libssh2/libssh2/pull/1858\nhttps://vuldb.com/submit/805564\nhttps://vuldb.com/vuln/360555\nhttps://vuldb.com/vuln/360555/cti" ],
  "name" : "CVE-2026-7598",
  "mitigation" : {
    "value" : "To mitigate this flaw, applications linked to the libssh2 library should be configured or updated to exclusively use public key authentication. Explicitly disabling password-based logins prevents the application from executing the vulnerable userauth_password function.",
    "lang" : "en:us"
  },
  "csaw" : false
}