🟠 High  |  Source: Microsoft Security Response Center


CVE-2026-58050 is an integer overflow vulnerability in the publickey subsystem of libssh2, an open-source SSH library used across many platforms and cloud environments, including Azure. Integer overflows in memory allocation routines can lead to heap corruption, potentially allowing an attacker to execute arbitrary code or crash affected services. This is particularly concerning because libssh2 is widely embedded in tooling, SDKs, and managed services.
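The bug class described above, as an added illustration in C that is not libssh2's code and is not taken from the advisory. The `struct attr` layout, the function names and the 1 MiB cap are assumptions made for this example. It shows how a count taken from untrusted input wraps when multiplied by an element size in 32-bit arithmetic, next to the bounds check that rejects such a count before any allocation happens.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical attribute record and cap; not libssh2's real definitions. */
struct attr {
    char *name;
    uint32_t name_len;
    char *value;
    uint32_t value_len;
};
#define MAX_ATTR_BYTES ((size_t)1 << 20) /* assumed policy limit: 1 MiB */

/* Weak form: the product is kept in 32 bits, so it wraps silently.
 * 0x10000001 * 16 yields 16, a buffer far too small for the count. */
uint32_t unchecked_alloc_size(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Hardened form: divide instead of multiply, so the test cannot wrap.
 * Returns 0 and sets *out on success, -1 if the count is out of bounds. */
int checked_alloc_size(uint32_t count, size_t elem_size, size_t *out)
{
    if (elem_size == 0 || count == 0 || count > MAX_ATTR_BYTES / elem_size)
        return -1;
    *out = (size_t)count * elem_size;
    return 0;
}

/* Allocate zeroed storage for a count taken from untrusted input. */
struct attr *alloc_attrs(uint32_t count)
{
    size_t bytes;
    if (checked_alloc_size(count, sizeof(struct attr), &bytes) != 0)
        return NULL; /* caller treats this as a protocol error */
    return calloc(1, bytes);
}

int main(void)
{
    struct attr *ok = alloc_attrs(4);
    struct attr *bad = alloc_attrs(0x10000001u);
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    free(bad);
    return rc;
}
```

When reviewing a dependency for this class of defect, look for a length or count read from the wire that reaches `malloc` through a multiplication or addition with no preceding range check.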

Security Architect’s Take: Audit your Azure workloads and any custom tooling or third-party dependencies that use libssh2, and prioritise patching to the remediated version as soon as Microsoft publishes updated guidance. Pay particular attention to any internet-facing services or automation pipelines that handle SSH public key authentication.

Original advisory: CVE-2026-58050 libssh2 - Integer Overflow in publickey Subsystem Attribute Allocation