NHS England Digital libssh2 update advisory for CVE-2026-55200

Advisory/Mitigation
H score 38
1 unique source, 1 article

Summary

NHS England Digital has issued an update advisory for libssh2 after a public proof-of-concept surfaced for CVE-2026-55200. The flaw can let a malicious or compromised SSH server corrupt memory on a connecting client and potentially achieve code execution. The advisory covers organizations running affected libssh2 builds, including bundled or static copies that may not be obvious in package inventories. Until patched builds are deployed, the guidance also points teams to restrict outbound SSH connections and verify host keys.

Related Happenings

libssh2 client-side SSH memory corruption flaw (CVE-2026-55200)

Vulnerability
H score 37 · First: 29.06.2026 10:06 · Last: 29.06.2026 10:06 · Sources: 1

How related: A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution.

About this happening: A **public proof-of-concept** for **CVE-2026-55200** exposes **libssh2** clients to **memory corruption** and possible **code execution** when they connect to a malicious SSH serv...

Dify security patch release for CVE-2026-41947

Security Patch Release
H score 34 · First: 22.06.2026 19:13 · Last: 22.06.2026 19:13 · Sources: 1

About this happening: **Dify** shipped **version 1.14.2** to fix most of the **DifyTap** vulnerabilities, closing cross-tenant paths that could expose **AI chats**, **uploaded files**, and internal API...

Ivanti Sentry patch release for CVE-2026-10520 and CVE-2026-10523

Security Patch Release
H score 54 · First: 10.06.2026 09:26 · Last: 10.06.2026 09:26 · Sources: 1

About this happening: **Ivanti** released a **patch bundle** for **Sentry** after identifying **two critical vulnerabilities** in the secure mobile gateway appliance, including **CVE-2026-10520** and *...

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score 42 · First: 27.05.2026 13:06 · Last: 27.05.2026 13:06 · Sources: 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

Latest development: 16.06.2026 13:47

CISA added CVE-2026-48172/CVE-2026-54420 in the LiteSpeed cPanel user-end plugin to the Known Exploited Vulnerabilities Catalog and ordered Federal Civilian Executive Branch agencies to secure affected servers within three days under BOD 26-04. The affected plugin versions before 2.4.8 are described as actively exploited, with FTP or web shell access enabling root escalation on shared hosting servers running CloudLinux/CageFS.

TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926

Security Patch Release
H score 45 · First: 22.05.2026 11:19 · Last: 22.05.2026 11:19 · Sources: 1

About this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....

Timeline

  1. 29.06.2026 10:06 · 1 article

    Maintainers merge the libssh2 fix for CVE-2026-55200

    Mitigation Patch Update

    Maintainers merged pull request #2052 on June 12, adding the missing packet_length upper-bound check in libssh2 so values above LIBSSH2_PACKET_MAXPAYLOAD are rejected before the overflow-prone size calculation runs.

  2. 29.06.2026 10:06 · 1 article

    VulnCheck publishes CVE-2026-55200 for the libssh2 flaw

    Initial Disclosure

    VulnCheck published CVE-2026-55200 on June 17 after the critical libssh2 client-side SSH memory-corruption flaw and a public proof-of-concept were disclosed, with possible code execution on a connecting client.

  3. 29.06.2026 10:06 · 2 articles

    NHS England Digital urges organizations to update affected libssh2 builds

    Industry Or Public Sector Update

    NHS England Digital urged affected organizations to update on June 29, while downstream projects backported the fix, Debian already had a repaired build in testing, and no fixed libssh2 release was yet available.
