Curl

vulnerabilities 2026-06-30
Public PoC Drops for Critical libssh2 Heap Overflow — curl, Git, and PHP All Carry the Flaw
A public PoC was released June 29 for CVE-2026-55200, a CVSS 9.2 heap overflow in libssh2 ≤ 1.11.1 that lets a malicious SSH server execute code on any connecting client. curl, Git, PHP, and a long tail of appliances all link the library.
rce linux ssh curl git

Public PoC Drops for Critical libssh2 Heap Overflow — curl, Git, and PHP All Carry the Flaw