CVE-2026-48107
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk28th percentile — higher than 28% of all known CVEs
Summary
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, leading to the use of that count without prior validation of the data.
Risk Assessment
The risk involves the potential for memory allocation errors, which could lead to unexpected behavior of the client or server, and consequently to a possible takeover of the system.
Recommendation
It is recommended to update the russh library to version 0.61.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_INFO_REQUEST with an attacker-controlled prompt count, and the client would use that raw count directly in Vec::with_capacity(...) before validating that enough prompt data was actually present in the packet. This issue has been patched in version 0.61.0.

