CVE-2026-0967: Inefficient Regular Expression Complexity in Red Hat Enterprise Linux 10

Severity: Low
Published: Thu Mar 26 2026 (03/26/2026, 20:06:30 UTC)
Source: CVE Database V5
Vendor/Project: Red Hat
Product: Red Hat Enterprise Linux 10

Description

CVE-2026-0967 is a low-severity vulnerability in libssh used by Red Hat Enterprise Linux 10. It involves inefficient regular expression processing in the match_pattern() function when handling crafted hostnames from client configuration or known_hosts files. An attacker with local access and limited privileges could trigger excessive backtracking in regex evaluation, causing timeouts and resource exhaustion. This leads to a denial of service (DoS) condition affecting the client application. Exploitation requires user interaction and high attack complexity, with no impact on confidentiality or integrity. No known exploits are reported in the wild. Organizations using Red Hat Enterprise Linux 10 with libssh should monitor for patches and avoid untrusted client config files to mitigate risk.

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 03/26/2026, 21:47:04 UTC

Technical Analysis

CVE-2026-0967 identifies a vulnerability in the libssh library component of Red Hat Enterprise Linux 10, specifically within the match_pattern() function that processes hostnames from client configuration files or known_hosts files. The flaw arises due to inefficient handling of regular expressions, where an attacker controlling these files can craft hostnames that cause excessive backtracking during regex evaluation. This inefficient regex complexity leads to significant CPU resource consumption and timeouts, resulting in a denial of service (DoS) for the client application relying on libssh. The vulnerability requires local access with limited privileges and user interaction, as the attacker must influence or supply the client configuration or known_hosts files. The CVSS 3.0 base score is 2.2, reflecting low severity due to the high attack complexity, requirement for user interaction, and limited scope affecting availability only. There is no impact on confidentiality or integrity, and no known exploits have been reported in the wild. The vulnerability highlights the risks of regex-based processing in security-critical libraries and underscores the need for careful input validation and efficient regex design. While no patches are currently linked, monitoring Red Hat advisories for updates is recommended.

Potential Impact

The primary impact of CVE-2026-0967 is a denial of service condition on client systems running Red Hat Enterprise Linux 10 that use libssh. By exploiting inefficient regex backtracking, an attacker can cause the client application to become unresponsive or consume excessive CPU resources, potentially disrupting automated processes or user sessions relying on SSH connections. Although the vulnerability does not compromise confidentiality or integrity, the availability impact can affect operational continuity, especially in environments with automated SSH-based workflows or critical remote management tasks. The requirement for local access and user interaction limits the scope of exploitation, reducing the likelihood of widespread attacks. However, in multi-user systems or environments where untrusted users can modify client configuration files, this vulnerability could be leveraged to degrade service. Organizations with high availability requirements or those running critical infrastructure on Red Hat Enterprise Linux 10 should consider this risk in their threat models.

Mitigation Recommendations

To mitigate CVE-2026-0967, organizations should implement the following specific measures:

1) Restrict write permissions on client configuration and known_hosts files to trusted users only, preventing untrusted modification that could introduce malicious hostnames.
2) Monitor and audit changes to SSH client configuration files to detect unauthorized or suspicious modifications.
3) Limit local user privileges to reduce the risk of an attacker influencing client-side SSH configurations.
4) Employ resource limits (e.g., CPU time, process limits) on SSH client processes to contain potential resource exhaustion.
5) Stay current with Red Hat security advisories and apply patches promptly once available for libssh or related components.
6) Consider using alternative SSH client implementations or updated libssh versions that address regex inefficiencies.
7) Educate users about the risks of accepting or using untrusted SSH configuration files.

These targeted actions go beyond generic advice by focusing on controlling the attack vector and containing resource impact.
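As an added example (not from the advisory, from Red Hat, or from libssh), the POSIX shell functions below implement measures 1 and 4: they flag client config and known_hosts files that a user other than the owner or root could modify, and wrap the ssh client in a CPU-time ceiling so a pathological hostname pattern cannot pin the CPU indefinitely. The default file list and the 30-second limit are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not part of the advisory or of libssh: audit the client-side
# files libssh's match_pattern() reads (ssh_config / known_hosts) for untrusted
# write access, and run the SSH client under a CPU-time limit. The default file
# list and the 30-second limit are assumptions for illustration.

# check_ssh_file_perms FILE
# Returns 0 if FILE is absent, or is owned by root or the current user and is
# not writable by group or others; returns 1 (message on stderr) otherwise.
check_ssh_file_perms() {
    f="$1"
    [ -e "$f" ] || return 0
    # -prune stops find from descending if FILE is unexpectedly a directory;
    # system-wide ssh_config is legitimately owned by root, so allow that too.
    if [ -n "$(find "$f" -prune ! -user root ! -user "$(id -un)")" ]; then
        echo "audit: $f is owned by neither root nor $(id -un)" >&2
        return 1
    fi
    if [ -n "$(find "$f" -prune \( -perm -g+w -o -perm -o+w \))" ]; then
        echo "audit: $f is group- or world-writable" >&2
        return 1
    fi
    return 0
}

# audit_ssh_client_files [FILE...]
# Checks each file given (defaults to the usual client config locations) and
# returns the number of files that failed the check (0 when all pass).
audit_ssh_client_files() {
    [ $# -gt 0 ] || set -- "$HOME/.ssh/config" "$HOME/.ssh/known_hosts" /etc/ssh/ssh_config
    failures=0
    for f in "$@"; do
        check_ssh_file_perms "$f" || failures=$((failures + 1))
    done
    return "$failures"
}

# run_ssh_limited SSH_ARGS...
# Runs ssh in a subshell with a CPU-time limit (ulimit -t, in seconds); the
# kernel delivers SIGXCPU when the limit is reached, so runaway regex
# backtracking while matching hostnames ends the client instead of hanging it.
run_ssh_limited() {
    (
        ulimit -t "${SSH_CPU_SECONDS:-30}"
        exec ssh "$@"
    )
}
```

Run `audit_ssh_client_files` from a login script or a cron job and alert on a non-zero return; `run_ssh_limited` can be aliased over `ssh` for automated workflows.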


Technical Details

Data Version: 5.2
Assigner Short Name: redhat
Date Reserved: 2026-01-14T21:55:01.348Z
CVSS Version: 3.0
State: PUBLISHED

Threat ID: 69c5a54c3c064ed76fcfc863

Added to database: 3/26/2026, 9:29:48 PM

Last enriched: 3/26/2026, 9:47:04 PM

Last updated: 3/27/2026, 5:27:11 AM

