CVE-2026-3731: libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds

Published Mar 8, 2026
·
Updated

A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component.

Affected Software

5 affected componentsFixes available
libssh/libssh<=0.11.3
libssh libssh<=0.11.3
Microsoft azl3 libssh 0.10.6-5
Patch available
Microsoft azl3 libssh 0.10.6-6
Patch available
Microsoft cbl2 libssh 0.10.6-5
Patch available

Remediation

Patch Available

https://gitlab.com/libssh/libssh-mirror/-/commit/855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60

Patch Available

https://www.libssh.org/files/0.12/libssh-0.12.0.tar.xz

Event History

Mar 8, 2026
CVE Published
via MITRE·10:32 AM
Data Sourced
via MITRE·10:32 AM
DescriptionSeverityWeakness
Data Sourced
via NVD·11:15 AM
RemedyDescriptionSeverityWeaknessAffected Software
Mar 11, 2026
Data Sourced
via Microsoft·08:01 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·08:01 AM
DescriptionSeverity
Updated
via Microsoft·08:01 AM
Affected Software
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2026-3731?

CVE-2026-3731 has been classified as a high-severity vulnerability due to its potential to cause out-of-bounds access.

2

How do I fix CVE-2026-3731?

To fix CVE-2026-3731, upgrade to libssh version 0.11.4 or later, which addresses the out-of-bounds vulnerability.

3

What components are affected by CVE-2026-3731?

CVE-2026-3731 affects the sftp_extensions_get_name and sftp_extensions_get_data functions in the SFTP extension of libssh.

4

What types of exploits are related to CVE-2026-3731?

Exploits related to CVE-2026-3731 can lead to denial of service or arbitrary code execution due to out-of-bounds memory access.

5

Which versions of libssh are vulnerable to CVE-2026-3731?

Libssh versions up to and including 0.11.3 are vulnerable to CVE-2026-3731.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203