CVE-2026-46673
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
Russh is a Rust SSH client & server library. In versions prior to 0.60.3, there were issues with unchecked capacity growth in CryptoVec and unsafe allocation/locking paths, which could allow an attacker to introduce invalid frame lengths.
Risk Assessment
Organizations using russh versions before 0.60.3 are at risk of attacks that could lead to unauthorized access or data leakage through frame length manipulation.
Recommendation
It is recommended to upgrade to version 0.60.3 or later to mitigate this vulnerability.
Original NVD description (English source)
Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh releases, local SSH agent peers could still feed attacker-controlled frame lengths into buffer growth before validation. In older russh releases before 0.58.0, remote SSH traffic also reached CryptoVec through transport and compression buffers. This issue has been patched in version 0.60.3.

