For the poc:
https://github.com/bikini/exploitarium/blob/main/libssh2-cve-2026-55200-poc/poc/libpwn_cve_2026_55200_server.py
When I run it against my device, I get this error on the server side:
$[+] client connected from 192.168.86.126:58410
[+] client ident: SSH-2.0-libssh2_1.10.0
Traceback (most recent call last):
File "/xxx/CVEs/cve-2026-55200/exploitarium/libssh2-cve-2026-55200-poc/poc/libpwn_cve_2026_55200_server.py", line 628, in <module>
main()
File "/xxx/CVEs/cve-2026-55200/exploitarium/libssh2-cve-2026-55200-poc/poc/libpwn_cve_2026_55200_server.py", line 621, in main
MiniSSHExploitServer(args).serve_once()
File "/xxx/CVEs/cve-2026-55200/exploitarium/libssh2-cve-2026-55200-poc/poc/libpwn_cve_2026_55200_server.py", line 395, in serve_once
self.handle_client(conn)
File "xxx/CVEs/cve-2026-55200/exploitarium/libssh2-cve-2026-55200-poc/poc/libpwn_cve_2026_55200_server.py", line 411, in handle_client
first_match(client_lists["s2c_cipher"], CIPHER_ALGORITHMS, "server-to-client cipher")
File "/xxx/CVEs/cve-2026-55200/exploitarium/libssh2-cve-2026-55200-poc/poc/libpwn_cve_2026_55200_server.py", line 105, in first_match
raise RuntimeError(f"client did not offer required {label}; got {client_items!r}")
RuntimeError: client did not offer required server-to-client cipher; got ['aes128-ctr', 'aes192-ctr', 'aes256-ctr', 'aes256-cbc', 'rijndael-cbc@lysator.liu.se', 'aes192-cbc', 'aes128-cbc', 'blowfish-cbc', 'arcfour128', 'arcfour', 'cast128-cbc', '3des-cbc']
❓Can you please add support for any of these ciphers (aes128-ctr, aes192-ctr, aes256-ctr, aes256-cbc, aes192-cbc, aes128-cbc...) ?
I am using curl with the following features:
~$ curl -V
curl 8.7.1 (aarch64-oe-linux-gnu) libcurl/8.7.1 OpenSSL/3.0.18 zlib/1.2.11 libidn2/2.3.2 libssh2/1.10.0
Release-Date: 2024-03-27
Protocols: file ftp ftps http https ipfs ipns scp sftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Largefile libz NTLM SSL threadsafe TLS-SRP UnixSockets
The client side fails with this error:
$ curl -v --connect-timeout 5 --max-time 15 \
> --user dummy:dummy \
> sftp://192.168.86.145:2222/
* Trying 192.168.86.145:2222...
* Connected to 192.168.86.145 (192.168.86.145) port 2222
echo "curl exit=$?"* Did not find host 192.168.86.145 in /home/gator/.ssh/known_hosts
* Failure establishing ssh session: -1, Unable to exchange encryption keys
* Closing connection
curl: (2) Failure establishing ssh session: -1, Unable to exchange encryption keys
For the poc:
https://github.com/bikini/exploitarium/blob/main/libssh2-cve-2026-55200-poc/poc/libpwn_cve_2026_55200_server.py
When I run it against my device, I get this error on the server side:
❓Can you please add support for any of these ciphers (aes128-ctr, aes192-ctr, aes256-ctr, aes256-cbc, aes192-cbc, aes128-cbc...) ?
I am using curl with the following features:
~$ curl -V curl 8.7.1 (aarch64-oe-linux-gnu) libcurl/8.7.1 OpenSSL/3.0.18 zlib/1.2.11 libidn2/2.3.2 libssh2/1.10.0 Release-Date: 2024-03-27 Protocols: file ftp ftps http https ipfs ipns scp sftp Features: alt-svc AsynchDNS HSTS HTTPS-proxy IDN IPv6 Largefile libz NTLM SSL threadsafe TLS-SRP UnixSocketsThe client side fails with this error: