
Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

Source: thehackernews.com | Published: 2026-06-29 | Category: AI supply chain | Severity: Critical

What Happened

A public proof-of-concept is now available for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution; no credentials and no user interaction are required. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server, so the exposed party is the system making the outbound SSH connection.

Why It Matters

The article reports that a public proof-of-concept exploit is now available for CVE-2026-55200, a critical out-of-bounds write vulnerability (CVSS 9.2) in the libssh2 client-side SSH library affecting versions up to and including 1.11.1.[2][3][9] According to NVD and vendor advisories, a remote, malicious or compromised SSH server can send crafted packets before authentication to corrupt heap memory on the client and potentially achieve remote code execution, without user interaction or credentials.[3][4][9] From a CyberSE.AI perspective, any AI agents, orchestration frameworks, or MLOps pipelines that embed libssh2 (directly or through dependencies) inherit this client-side RCE risk. That makes it an AI supply chain issue: it calls for SBOM-based dependency discovery, urgent patching or recompilation with the fixed commits, and hardening of how AI systems establish SSH connections. Organizations should rapidly inventory AI-related services that rely on libssh2, apply updated builds, and adjust trust models around SSH endpoints (host key pinning, allow-listed targets) to reduce the chance that an AI-driven workflow connects to a malicious or MITM SSH server exploiting this flaw.[1][2][4]
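The SBOM-based discovery step above, as an added example that is not code from the article, libssh2, or CyberSE.AI: it scans a CycloneDX JSON SBOM for libssh2 components whose version falls in the affected range (up to and including 1.11.1). The sample SBOM and its versions are constructed for illustration; the check is version-only, so a distribution build that backported the fix under the same version string is still flagged and needs manual confirmation.

```python
"""Flag libssh2 components in a CycloneDX JSON SBOM that fall in the
CVE-2026-55200 affected range (every release up to and including 1.11.1).
Added example; not from the original article or the libssh2 project."""
import json
import re

AFFECTED_MAX = (1, 11, 1)   # "up to and including 1.11.1", per the advisory

def parse_version(text):
    """Leading dotted numeric part only: '1.11.0-3ubuntu1' -> (1, 11, 0)."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))

def is_libssh2(component):
    """Match on component name or package URL (distro names like libssh2-1)."""
    name = (component.get("name") or "").lower()
    purl = (component.get("purl") or "").lower()
    return "libssh2" in name or "libssh2" in purl

def in_affected_range(version_text):
    v = parse_version(version_text)
    return v is not None and v <= AFFECTED_MAX

def affected_libssh2_components(sbom):
    """Return (name, version, purl) for libssh2 entries <= 1.11.1.
    Version-only check: a build that backported the fix at the same
    version string is still reported and needs manual confirmation."""
    hits = []
    for c in sbom.get("components", []):
        if is_libssh2(c) and in_affected_range(c.get("version") or ""):
            hits.append((c.get("name"), c.get("version"), c.get("purl")))
    return hits

# Constructed sample SBOM (versions chosen for illustration, not real inventory).
SAMPLE_SBOM = json.loads("""
{ "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "libssh2", "version": "1.11.0",
     "purl": "pkg:generic/libssh2@1.11.0"},
    {"type": "library", "name": "libssh2-1", "version": "1.11.1-2",
     "purl": "pkg:deb/debian/libssh2-1@1.11.1-2"},
    {"type": "library", "name": "libssh2", "version": "1.12.0",
     "purl": "pkg:generic/libssh2@1.12.0"},
    {"type": "library", "name": "paramiko", "version": "3.4.0",
     "purl": "pkg:pypi/paramiko@3.4.0"}
  ]}
""")

if __name__ == "__main__":
    for name, ver, purl in affected_libssh2_components(SAMPLE_SBOM):
        print(f"AFFECTED {name} {ver} ({purl})")
```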

Sector tags: Healthcare, Fintech, SaaS, SMB, AI startups

CyberSE Analysis

This signal maps to AI supply chain. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.

Recommended Actions

  • Restrict AI agent tool permissions and production write paths.
  • Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
  • Add human approval workflows for high-impact or state-changing actions.
  • Run prompt injection and indirect prompt injection tests against affected workflows.
  • Document the owner, control gap, and remediation deadline for this risk class.

Source

https://thehackernews.com/2026/06/public-poc-released-for-critical.html
