CVE-2020-26301

HIGH

ssh2 < 1.4.0 - OS Command Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-26301. PoCs published by AikidoSec.

AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2020-26301, demonstrating command injection in the 'ssh2' library's agent function. The vulnerable test case shows how arbitrary commands can be executed via crafted input, while the protected test case shows mitigation using AikidoSec's firewall.

Description

ssh2 is client and server modules written in pure JavaScript for node.js. In ssh2 before version 1.4.0 there is a command injection vulnerability. The issue only exists on Windows. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This is fixed in version 1.4.0.

Exploits (1)

github WORKING POC 6 stars
by AikidoSec · javascript · poc
https://github.com/AikidoSec/zen-0-days/tree/main/node/CVE-2020-26301


Classification
Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: ssh2 library (versions affected by CVE-2020-26301)
No auth needed
Prerequisites: Windows environment · Node.js installed
devstral-2 · analyzed Feb 27, 2026

References (3)

Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://securitylab.github.com/advisories/GHSL-2020-123-mscdex-ssh2/
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/ssh2

Scores

CVSS v3 7.5
EPSS 0.0383
EPSS Percentile 88.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N

Details

CWE: CWE-78
Status: published
Products (2)
npm/ssh2 0 - 1.4.0 (npm)
ssh2_project/ssh2 < 1.4.0
Published: Sep 20, 2021
Tracked Since: Feb 18, 2026