Threat Advisory

Russh Vulnerability Generates SSH Consumption Failures

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High


EXECUTIVE SUMMARY:

CVE-2026-48110 (CVSS score 7.5) is a vulnerability in the rust/russh package in which several client and server message handlers decode attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer can send oversized, high-fanout, or malformed length-prefixed fields, causing the library to allocate, attempt allocation, or split data before rejecting invalid input. The vulnerability can be exploited remotely with low attack complexity and requires no privileges or user interaction, resulting in a high availability impact. Successful exploitation may lead to resource exhaustion and denial-of-service conditions, potentially disrupting affected services and operations. Exploitation requires the ability to send specially crafted SSH messages to a vulnerable deployment.
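The check ordering whose absence the summary describes, with the length and fan-out bounds applied before any allocation or split, shown as an added example that is not russh's code or its fix. The function names, the error type and the limits passed in are assumptions chosen for illustration.

```rust
// Added illustration: names and limits are assumptions, not russh's API.
#[derive(Debug, PartialEq)]
pub enum DecodeError { Truncated, TooLong, TooManyNames, BadName }

/// Read one SSH `string` (u32 big-endian length, then bytes) as a borrowed
/// slice. The declared length is checked against the field's cap and the
/// bytes actually present before anything is copied or allocated.
pub fn read_string<'a>(buf: &mut &'a [u8], max: usize) -> Result<&'a [u8], DecodeError> {
    let data: &'a [u8] = *buf;
    if data.len() < 4 { return Err(DecodeError::Truncated); }
    let len = u32::from_be_bytes([data[0], data[1], data[2], data[3]]) as usize;
    if len > max { return Err(DecodeError::TooLong); }
    if len > data.len() - 4 { return Err(DecodeError::Truncated); }
    *buf = &data[4 + len..];
    Ok(&data[4..4 + len])
}

/// Decode a name-list: cap the byte length first, then walk the commas
/// lazily and stop at `max_names` instead of splitting the whole field.
pub fn read_name_list<'a>(buf: &mut &'a [u8], max_bytes: usize, max_names: usize)
    -> Result<Vec<&'a str>, DecodeError> {
    let raw = read_string(buf, max_bytes)?;
    let text = std::str::from_utf8(raw).map_err(|_| DecodeError::BadName)?;
    let mut names = Vec::new();
    if text.is_empty() { return Ok(names); }
    for name in text.split(',') {
        if names.len() == max_names { return Err(DecodeError::TooManyNames); }
        if name.is_empty() { return Err(DecodeError::BadName); }
        names.push(name);
    }
    Ok(names)
}

/// Build a length-prefixed field for the constructed samples below.
pub fn frame(payload: &[u8]) -> Vec<u8> {
    let mut out = (payload.len() as u32).to_be_bytes().to_vec();
    out.extend_from_slice(payload);
    out
}

fn main() {
    // Constructed inputs, not captured traffic.
    let good = frame(b"aes256-ctr,aes128-ctr");
    println!("{:?}", read_name_list(&mut good.as_slice(), 1024, 8));
    let huge = [0xff, 0xff, 0xff, 0xff, b'x']; // declares about 4 GiB, carries 1 byte
    println!("{:?}", read_string(&mut &huge[..], 1024));
    let fanout = frame(b"a,b,c,d,e");
    println!("{:?}", read_name_list(&mut fanout.as_slice(), 1024, 4));
}
```

Because the decoder returns borrowed slices, the only allocation is the vector of names, and its growth is bounded by `max_names`.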


RECOMMENDATION:

  • We recommend updating russh to version 0.61.2 or later.

 

REFERENCES:

The following reports contain further technical details:

https://github.com/advisories/GHSA-4r3c-5hpg-58qr

 
