Vulnerable Library - libssh2-1.11.1-hcf80075_0.conda
the SSH library
Library home page: https://api.anaconda.org/download/conda-forge/libssh2/1.11.1/linux-64/libssh2-1.11.1-hcf80075_0.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/libssh2-1.11.1-hcf80075_0.conda
Vulnerabilities
| Vulnerability |
Severity |
 CVSS |
Dependency |
Type |
Fixed in (libssh2 version) |
Remediation Possible** |
| CVE-2026-7598 |
 High |
7.3 |
libssh2-1.11.1-hcf80075_0.conda |
Direct |
N/A |
❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-7598
Vulnerable Library - libssh2-1.11.1-hcf80075_0.conda
the SSH library
Library home page: https://api.anaconda.org/download/conda-forge/libssh2/1.11.1/linux-64/libssh2-1.11.1-hcf80075_0.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/libssh2-1.11.1-hcf80075_0.conda
Dependency Hierarchy:
- ❌ libssh2-1.11.1-hcf80075_0.conda (Vulnerable Library)
Found in base branch: develop
Vulnerability Details
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
Publish Date: 2026-05-01
URL: CVE-2026-7598
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.
Step up your Open Source Security Game with Mend here
the SSH library
Library home page: https://api.anaconda.org/download/conda-forge/libssh2/1.11.1/linux-64/libssh2-1.11.1-hcf80075_0.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/libssh2-1.11.1-hcf80075_0.conda
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - libssh2-1.11.1-hcf80075_0.conda
the SSH library
Library home page: https://api.anaconda.org/download/conda-forge/libssh2/1.11.1/linux-64/libssh2-1.11.1-hcf80075_0.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/libssh2-1.11.1-hcf80075_0.conda
Dependency Hierarchy:
Found in base branch: develop
Vulnerability Details
A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.
Publish Date: 2026-05-01
URL: CVE-2026-7598
CVSS 3 Score Details (7.3)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: Low
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here