{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-0967/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":5.5,"id":"CVE-2026-0967"}],"_cs_exploited":false,"_cs_products":["libssh"],"_cs_severities":["medium"],"_cs_tags":["denial-of-service","libssh","CVE-2026-0967","defense-evasion"],"_cs_type":"advisory","_cs_vendors":["Microsoft"],"content_html":"\u003cp\u003eCVE-2026-0967 is a denial-of-service (DoS) vulnerability affecting libssh, a library implementing the SSH protocol. The root cause lies in the inefficient processing of regular expressions within the library\u0026rsquo;s code. An attacker could exploit this vulnerability by sending specially crafted input that triggers excessive resource consumption during regular expression matching, leading to a denial of service. Successful exploitation could potentially enable defense evasion by overwhelming security controls and negatively impacting the availability of systems relying on the vulnerable libssh library. The vulnerability affects both Linux and Windows platforms where libssh is used.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies a service or application utilizing a vulnerable version of libssh.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious input string designed to trigger inefficient regular expression processing within libssh.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the crafted input to the vulnerable service via a network connection (e.g., SSH).\u003c/li\u003e\n\u003cli\u003eThe libssh library attempts to process the malicious input using its regular expression engine.\u003c/li\u003e\n\u003cli\u003eThe inefficient regular expression causes excessive CPU consumption or memory allocation.\u003c/li\u003e\n\u003cli\u003eThe vulnerable service becomes unresponsive due to resource exhaustion, leading to a denial-of-service condition.\u003c/li\u003e\n\u003cli\u003eSubsequent legitimate requests to the service are blocked or delayed, further exacerbating the impact.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-0967 can result in a denial-of-service condition, rendering affected services or applications unavailable. The impact scope depends on the role of the affected system. For example, a critical server becoming unavailable could disrupt business operations. While the number of potential victims is unknown, any system utilizing a vulnerable version of libssh is susceptible. The defense evasion aspect could allow attackers to bypass security controls during the DoS.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eIdentify systems using libssh and determine the installed version.\u003c/li\u003e\n\u003cli\u003eApply available patches or updates for libssh to remediate CVE-2026-0967 as released by Microsoft.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u0026ldquo;Detect Suspicious Libssh Regex Processing\u0026rdquo; to monitor for potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eMonitor CPU and memory usage on systems running libssh for unusual spikes, which may indicate a DoS attack.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on services using libssh to mitigate the impact of DoS attacks.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-01T07:16:39Z","date_published":"2026-05-01T07:16:39Z","id":"/briefs/2024-01-libssh-dos/","summary":"CVE-2026-0967 is a denial-of-service vulnerability in libssh, stemming from inefficient regular expression processing that could lead to defense evasion and impact availability on affected systems.","title":"Libssh Denial-of-Service Vulnerability via Inefficient Regular Expression Processing (CVE-2026-0967)","url":"https://feed.craftedsignal.io/briefs/2024-01-libssh-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — CVE-2026-0967","version":"https://jsonfeed.org/version/1.1"}