CVE-2026-55200
EPSS 0.9%
Public PoC confirmed; active discussion; lacks KEV/vendor urgency signals needed for full HACK.
What: Critical remote code execution flaw in libssh2 allowing a malicious SSH server to trigger memory corruption on connecting clients.
Why it matters: Public PoC code is circulating on GitHub; social chatter highlights ubiquitous deployment in dev tools, backup agents, and appliances, which makes inventory difficult. OSS Security and security researchers are actively discussing exploitation paths. No KEV listing yet, but high engagement and PoC availability suggest real weaponization risk.
Where it's seen: GitHub PoC drops, OSS Security advisory amplification, practitioner concern about hidden libssh2 instances in supply chain tooling and embedded appliances. Meme-format discussion ("no way to prevent this") signals recognition of systemic exposure.
RISK: CRITICAL — Widespread libssh2 dependency; public PoC; memory corruption RCE; hard-to-inventory footprint.
No NVD details ingested for this CVE yet.