Skip to main content
NewWhen the SSH Server Attacks the Client: libssh2 CVE-2026-55200

Learn DevOps by doing,
not just reading.

647+ simulators, quizzes, and hands-on exercises for engineers who prefer a terminal over a slide deck.

Join 5,000+ DevOps engineers learning every week

kubectl --watch
$
devops-daily --stats

// featured

Interactive Simulators

Browse all simulators

// categories

Popular Categories

Explore our content by topic

// exercises

Hands-On Exercises

Practice real-world DevOps scenarios with step-by-step guidance

View all exercises

// quizzes

Test Your Knowledge

Short interactive quizzes across Docker, Kubernetes, Terraform, networking, and more

// posts

Latest Posts

Stay up to date with the latest DevOps content

Security

When the SSH Server Attacks the Client: libssh2 CVE-2026-55200

You spent years hardening sshd. This bug does not care. CVE-2026-55200 is a pre-auth heap overflow in libssh2 where a malicious SSH server takes over the client that connects to it, no credentials needed. And libssh2 is a client library hiding in curl, git tooling, and backup jobs all over your pipeline. Here is the bug, who is actually exposed, and how to find it in your stack.

|8 min read
DevOps

A Postgres-Backed MCP Server in ~20 Lines

Most of what an MCP server does is run database queries on behalf of an AI agent. So I put one right next to the database. Here is a Postgres-backed MCP server built on Neon Functions, deployed onto a database branch, with the code, a live client test, and the repo.

|10 min read
DevOps

Stop Using Random UUIDs as Primary Keys: uuidv7() Lands in PostgreSQL 18

Random UUIDv4 primary keys quietly wreck insert speed and bloat indexes on large tables. PostgreSQL 18 ships a native time-ordered uuidv7() that keeps the upsides of UUIDs without the B-tree penalty. Here are the numbers and how to adopt it.

|10 min read
Kubernetes

hostNetwork Is Still a Footgun: What CVE-2026-32193 Teaches Every Cluster

A recent AKS advisory let an untrusted pod with hostNetwork break out to the worker node. The Azure-specific bug is patched, but the footgun that made it reachable lives on every Kubernetes cluster. Here is how the escape class works and what to actually lock down.

|11 min read
Security

Splunk Shipped an Unauthenticated Database Sidecar: CVE-2026-20253

You did not install a PostgreSQL server, but Splunk Enterprise 10 did, and in affected versions its sidecar endpoint had no authentication. The result is a pre-auth, CVSS 9.8 path to writing files on the host as the Splunk user, now on CISA's actively-exploited list. The bug is patched; the broader lesson is about every helper service your tools quietly bundle.

|7 min read
DevOps

Streaming an AI Agent Without a Function Timeout

Long agent loops and long token streams run into the same wall: a serverless function that hits its execution cap and cuts the connection. Neon Functions hold long-lived streaming connections by default. I deployed two endpoints to prove it: one streamed for 90 seconds, the other streamed an agent token by token starting at 466 ms.

|9 min read

// guides

Latest Guides

Step-by-step tutorials to boost your DevOps skills

// tools

DevOps Tools and Calculators

Free, browser-only utilities. CIDR, JWT, base64, UUID, cron, K8s sizing, YAML. No sign-up, no server.

// about

DevOps Daily is a free, independent education platform for engineers who want to learn by running things, not by reading pitch decks. Kubernetes, Docker, Terraform, CI/CD, observability, and security, through hands-on simulators, quizzes, exercises, and a weekly newsletter.

Free
$0
forever
Simulators
30+
interactive
Subscribers
5,000+
engineers
Cadence
Weekly
no spam
devops-daily --subscribe
$ echo "Weekly DevOps digest. No spam. Unsubscribe anytime."
Weekly DevOps digest. No spam. Unsubscribe anytime.
$ subscribe --email
$

5,000+ engineers subscribed