🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-58051 is a memory corruption vulnerability in libssh2, an open-source SSH library, involving the improper freeing of an uninitialised pointer during public key list cleanup. This type of flaw can potentially be exploited to crash an application or, in more severe cases, execute arbitrary code. The vulnerability is relevant to Azure environments and any services or workloads that depend on libssh2 for SSH connectivity.

Security Architect’s Take: Audit your Azure workloads and container images for any dependency on libssh2 and apply vendor-supplied patches promptly. Also check whether Microsoft has already updated any Azure managed services, as no further action may be required on the platform side.
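
One way to start the audit recommended above, as an added example that is not part of the advisory or of any Microsoft tooling: a POSIX shell inventory of libssh2 in an unpacked image root filesystem. The function names and the `rootfs` path are assumptions; it reports what is installed and leaves the comparison against a fixed version to you, since this page does not state one.

```shell
#!/bin/sh
# Added example (not from the advisory): inventory libssh2 in an unpacked root
# filesystem, e.g. one produced by `docker export <container> | tar -x -C rootfs`.
# Output lines are "<source> <name> <version>" or "file <path>".

# Debian/Ubuntu: parse the dpkg status database without needing dpkg itself.
dpkg_libssh2() {
    [ -f "$1/var/lib/dpkg/status" ] || return 0
    awk '
        function emit() {
            if (pkg ~ /^libssh2/ && inst) print "dpkg", pkg, ver
            pkg = ""; ver = ""; inst = 0
        }
        /^Package: / { pkg = $2 }
        /^Status: /  { inst = ($4 == "installed") }  # skip removed, config-only entries
        /^Version: / { ver = $2 }
        /^$/         { emit() }
        END          { emit() }
    ' "$1/var/lib/dpkg/status"
}

# Alpine: the apk database stores one "P:<name>" / "V:<version>" pair per record.
apk_libssh2() {
    [ -f "$1/lib/apk/db/installed" ] || return 0
    awk -F: '
        function emit() { if (pkg ~ /^libssh2/) print "apk", pkg, ver; pkg = ""; ver = "" }
        $1 == "P" { pkg = $2 }
        $1 == "V" { ver = $2 }
        /^$/      { emit() }
        END       { emit() }
    ' "$1/lib/apk/db/installed"
}

# Any packaging: shared objects on disk, including copies bundled inside an
# application directory. Statically linked copies are not visible to this check.
so_libssh2() {
    find "$1" \( -type f -o -type l \) -name 'libssh2.so*' 2>/dev/null |
        sed 's/^/file /'
}

audit_libssh2() {
    dpkg_libssh2 "$1"
    apk_libssh2 "$1"
    so_libssh2 "$1"
}

# Run only when a root directory is given: sh audit.sh ./rootfs
[ "$#" -eq 0 ] || audit_libssh2 "$1"
```

RPM-based images keep their package database in a binary format, so run `rpm -q libssh2` inside those images instead.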

Original advisory: CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup