CVE-2026-7598 (MEDIUM): detected in Lambda Docker Images. #549

@the-lambda-watchdog

CVE Details

| CVE ID | Severity | Affected Package | Installed Version | Fixed Version | Date Published | Date of Scan |
|---|---|---|---|---|---|---|
| CVE-2026-7598 | MEDIUM | libssh2 | 1.4.3-12.amzn2.2.6 | 1.4.3-12.amzn2.2.7 | 2026-05-01T22:16:16.947Z | 2026-06-09T10:18:24.239657205Z |

Affected Docker Images

| Image Name | SHA |
|---|---|
| public.ecr.aws/lambda/provided:al2 | public.ecr.aws/lambda/provided@sha256:87b52f040fd8bbf1825c29a9e577646de209c623e26e5ad06acf18750e3d5f2a |
| public.ecr.aws/lambda/python:3.11 | public.ecr.aws/lambda/python@sha256:ce9bbd58375ab90bf5897e7d4613171e220b82169929702283289c5661143b2c |
| public.ecr.aws/lambda/python:3.10 | public.ecr.aws/lambda/python@sha256:f41a68184c87ab0db80dd9a88f49642e6ee429dc38bb825669e09739cc88373e |
| public.ecr.aws/lambda/java:17 | public.ecr.aws/lambda/java@sha256:c7a73048cf6b6fee10fed77c6861868f9510c87e7dc13d58f23031f79ce842cf |
| public.ecr.aws/lambda/java:11 | public.ecr.aws/lambda/java@sha256:0fc01edbc566592edbb2555ab67fee7f723cc92e5e79b7a8313d53bab83d68bb |
| public.ecr.aws/lambda/java:8.al2 | public.ecr.aws/lambda/java@sha256:88b28f2ab6c664173a0e3ddc53d3d2d3cf4d56a00c0476d59c5a09a488ef6027 |

Description

A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue.


Remediation Steps

  • Update the affected package libssh2 from version 1.4.3-12.amzn2.2.6 to 1.4.3-12.amzn2.2.7.

About this issue

  • This issue may not contain all the information about the CVE nor the images it affects.
  • This issue will not be updated with new information and the list of affected images may have changed since the creation of this issue.
  • For more, visit Lambda Watchdog.
  • This issue was created automatically by Lambda Watchdog.
