{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-39835", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2026-04-07T18:13:03.529Z", "datePublished": "2026-05-22T02:31:26.982Z", "dateUpdated": "2026-06-30T12:05:49.323Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2026-05-22T02:31:26.982Z"}, "title": "Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh", "descriptions": [{"lang": "en", "value": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil."}], "affected": [{"vendor": "golang.org/x/crypto", "product": "golang.org/x/crypto/ssh", "collectionURL": "https://pkg.go.dev", "packageName": "golang.org/x/crypto/ssh", "versions": [{"version": "0", "lessThan": "0.52.0", "status": "affected", "versionType": "semver"}], "programRoutines": [{"name": "CertChecker.CheckHostKey"}, {"name": "CertChecker.Authenticate"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-476: NULL Pointer Dereference"}]}], "references": [{"url": "https://go.dev/issue/79563"}, {"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"}, {"url": "https://go.dev/cl/781660"}, {"url": "https://pkg.go.dev/vuln/GO-2026-5015"}], "credits": [{"lang": "en", "value": "NCC Group Cryptography Services, sponsored by Teleport"}]}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-22T17:44:50.320380Z", "id": "CVE-2026-39835", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-22T17:45:10.853Z"}}, {"affected": [{"cpes": ["cpe:/a:redhat:assisted_installer:2"], "defaultStatus": "affected", "product": "Assisted Installer for Red Hat OpenShift Container Platform 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_builds:1"], "defaultStatus": "affected", "product": "Builds for Red Hat OpenShift", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:cert_manager:1"], "defaultStatus": "affected", "product": "cert-manager Operator for Red Hat OpenShift", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:confidential_compute_attestation:1"], "defaultStatus": "affected", "product": "Confidential Compute Attestation", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:cryostat:4"], "defaultStatus": "affected", "product": "Cryostat 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:external_secrets_operator:1"], "defaultStatus": "affected", "product": "External Secrets Operator for Red Hat OpenShift", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:multicluster_engine"], "defaultStatus": "affected", "product": "Multicluster Engine for Kubernetes", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_api_data_protection:1"], "defaultStatus": "affected", "product": "OpenShift API for Data Protection", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_pipelines:1"], "defaultStatus": "affected", "product": "OpenShift Pipelines", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:serverless:1"], "defaultStatus": "affected", "product": "OpenShift Serverless", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:acm:2"], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Management for Kubernetes 2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4"], "defaultStatus": "affected", "product": "Red Hat Advanced Cluster Security 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:ceph_storage:9"], "defaultStatus": "affected", "product": "Red Hat Ceph Storage 9", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:edge_manager:1"], "defaultStatus": "affected", "product": "Red Hat Edge Manager 1", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:10"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 10", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "defaultStatus": "affected", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_ai"], "defaultStatus": "affected", "product": "Red Hat OpenShift AI (RHOAI)", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Container Platform 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_data_foundation:4"], "defaultStatus": "affected", "product": "Red Hat Openshift Data Foundation 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_devspaces:3"], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Spaces", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:devworkspace"], "defaultStatus": "affected", "product": "Red Hat OpenShift Dev Workspaces Operator", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:windows_machine_config"], "defaultStatus": "affected", "product": "Red Hat OpenShift for Windows Containers", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_gitops:1"], "defaultStatus": "affected", "product": "Red Hat OpenShift GitOps", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_service_on_aws:1"], "defaultStatus": "affected", "product": "Red Hat OpenShift on AWS", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:container_native_virtualization:4"], "defaultStatus": "affected", "product": "Red Hat OpenShift Virtualization 4", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openstack:16.2"], "defaultStatus": "affected", "product": "Red Hat OpenStack Platform 16.2", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openstack:18.0"], "defaultStatus": "affected", "product": "Red Hat OpenStack Platform 18.0", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:quay:3"], "defaultStatus": "affected", "product": "Red Hat Quay 3", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:trusted_artifact_signer:1"], "defaultStatus": "affected", "product": "Red Hat Trusted Artifact Signer", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openshift_security_profiles_operator:1"], "defaultStatus": "affected", "product": "Security Profiles Operator", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:zero_trust_workload_identity_manager:1"], "defaultStatus": "affected", "product": "Zero Trust Workload Identity Manager", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:zero_trust_workload_identity_manager:0"], "defaultStatus": "affected", "product": "Zero Trust Workload Identity Manager - Tech Preview", "vendor": "Red Hat"}, {"cpes": ["cpe:/a:redhat:openstack:17.1"], "defaultStatus": "unaffected", "product": "Red Hat OpenStack Platform 17.1", "vendor": "Red Hat"}], "datePublic": "2026-05-22T02:31:26.982Z", "descriptions": [{"lang": "en", "value": "A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS)."}], "metrics": [{"other": {"content": {"namespace": "https://access.redhat.com/security/updates/classification/", "value": "Important"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["vdb-entry", "x_refsource_REDHAT"], "url": "https://access.redhat.com/security/cve/CVE-2026-39835"}, {"name": "RHBZ#2480680", "tags": ["issue-tracking", "x_refsource_REDHAT"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2480680"}, {"tags": ["x_sadp-csaf-vex"], "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39835.json"}], "timeline": [{"lang": "en", "time": "2026-05-22T04:01:27.279Z", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2026-05-22T02:31:26.982Z", "value": "Made public."}], "title": "golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}], "x_adpType": "supplier", "x_generator": {"engine": "sadp-cli 1.0.0"}, "providerMetadata": {"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c", "shortName": "redhat-SADP", "dateUpdated": "2026-06-30T12:05:49.323Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-39835", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-22T17:44:50.320380Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-22T17:45:06.921Z"}}], "cna": {"title": "Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh", "credits": [{"lang": "en", "value": "NCC Group Cryptography Services, sponsored by Teleport"}], "affected": [{"vendor": "golang.org/x/crypto", "product": "golang.org/x/crypto/ssh", "versions": [{"status": "affected", "version": "0", "lessThan": "0.52.0", "versionType": "semver"}], "packageName": "golang.org/x/crypto/ssh", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "CertChecker.CheckHostKey"}, {"name": "CertChecker.Authenticate"}]}], "references": [{"url": "https://go.dev/issue/79563"}, {"url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"}, {"url": "https://go.dev/cl/781660"}, {"url": "https://pkg.go.dev/vuln/GO-2026-5015"}], "descriptions": [{"lang": "en", "value": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-476: NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2026-05-22T02:31:26.982Z"}}}, "cveMetadata": {"cveId": "CVE-2026-39835", "state": "PUBLISHED", "dateUpdated": "2026-05-22T17:45:10.853Z", "dateReserved": "2026-04-07T18:13:03.529Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2026-05-22T02:31:26.982Z", "assignerShortName": "Go"}, "dataVersion": "5.2"}

{"affected": [{"affectedData": [{"collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "packageName": "golang.org/x/crypto/ssh", "product": "golang.org/x/crypto/ssh", "programRoutines": [{"name": "CertChecker.CheckHostKey"}, {"name": "CertChecker.Authenticate"}], "vendor": "golang.org/x/crypto", "versions": [{"lessThan": "0.52.0", "status": "affected", "version": "0", "versionType": "semver"}]}], "source": "security@golang.org"}], "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:*", "matchCriteriaId": "D540395B-31B8-4B07-8F79-F5C631BBD5C8", "versionEndExcluding": "0.52.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil."}], "id": "CVE-2026-39835", "lastModified": "2026-06-17T10:42:40.197", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}], "ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2026-39835", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "role": "CISA Coordinator", "timestamp": "2026-05-22T17:44:50.320380Z", "version": "2.0.3"}}]}, "published": "2026-05-22T04:16:24.530", "references": [{"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/cl/781660"}, {"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/issue/79563"}, {"source": "security@golang.org", "tags": ["Mailing List"], "url": "https://groups.google.com/g/golang-announce/c/a082jnz-LvI"}, {"source": "security@golang.org", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2026-5015"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.52.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "golang.org/x/crypto/ssh", "source": "cna", "vendor": "golang.org/x/crypto"}, "product": "ssh", "vendor": "golang"}], "created": "2026-05-22T04:30:25.965396+00:00", "updated": "2026-05-28T20:15:16.758664+00:00", "vendors": ["golang", "golang$PRODUCT$ssh"]}