{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T04:53:23.427","vulnerabilities":[{"cve":{"id":"CVE-2026-0968","sourceIdentifier":"secalert@redhat.com","published":"2026-03-26T21:17:01.150","lastModified":"2026-04-13T20:15:09.527","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes."},{"lang":"es","value":"Se encontró una falla en libssh en la que un servidor SFTP (Protocolo de Transferencia de Archivos SSH) malicioso puede explotar esto enviando un campo 'longname' malformado dentro de un mensaje 'SSH_FXP_NAME' durante una operación de listado de archivos. Esta falta de verificación de nulos puede llevar a leer más allá de la memoria asignada en el heap. Esto puede causar un comportamiento inesperado o llevar a una denegación de servicio (DoS) debido a fallos de la aplicación."}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.6,"impactScore":1.4}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*","versionEndIncluding":"0.11.3","matchCriteriaId":"2366D711-FD0B-4A04-92BA-DE6DA0ED1BCF"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*","matchCriteriaId":"7F6FB57C-2BC7-487C-96DD-132683AEB35D"},{"vulnerable":true,"criteria":"cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"D65C2163-CFC2-4ABB-8F4E-CB09CEBD006C"}]}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-0968","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2436982","source":"secalert@redhat.com","tags":["Third Party Advisory"]},{"url":"https://www.libssh.org/2026/02/10/libssh-0-12-0-and-0-11-4-security-releases/","source":"secalert@redhat.com","tags":["Release Notes"]}]}}]}