CVE-2026-39834
published 2026-05-22

Priority: P352 | critical | 9.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
EPSS: 0.47% (36.9th percentile)

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation.
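
The failure mode described above, as an added example that is not code from golang.org/x/crypto: a simplified model of a chunked write loop whose per-packet size is a minimum of a payload limit and the remaining length. The names `truncatingMin`, `wideMin` and `simulateWrite`, the 1 MiB limit, and the narrowing to `uint32` are assumptions made for illustration.

```go
package main

import "fmt"

// truncatingMin models the flawed comparison: the remaining length is narrowed
// to uint32 (an assumption of this sketch), so a multiple of 4 GiB becomes 0.
func truncatingMin(limit uint32, remaining int64) uint32 {
	if limit < uint32(remaining) {
		return limit
	}
	return uint32(remaining)
}

// wideMin compares in int64, as the fix description states, so nothing is lost.
func wideMin(limit uint32, remaining int64) uint32 {
	if int64(limit) < remaining {
		return limit
	}
	return uint32(remaining) // safe: remaining <= limit fits in uint32
}

// simulateWrite runs the chunking loop over a length only (no 4 GiB buffer).
// maxPackets is a guard so the stalled case terminates and can be reported.
func simulateWrite(total int64, limit uint32, pick func(uint32, int64) uint32,
	maxPackets int) (sent int64, packets int, stalled bool) {
	for remaining := total; remaining > 0; packets++ {
		if packets == maxPackets {
			return sent, packets, true
		}
		n := int64(pick(limit, remaining)) // payload size chosen for this packet
		sent += n
		remaining -= n
	}
	return sent, packets, false
}

func main() {
	const limit = uint32(1 << 20) // constructed per-packet payload limit
	for _, total := range []int64{1 << 20, 1 << 32, 1<<32 + 5} {
		_, p1, s1 := simulateWrite(total, limit, truncatingMin, 10000)
		_, p2, s2 := simulateWrite(total, limit, wideMin, 10000)
		fmt.Printf("len=%d truncating: packets=%d stalled=%v | int64: packets=%d stalled=%v\n",
			total, p1, s1, p2, s2)
	}
}
```

In this model a length of exactly 4 GiB stalls immediately with zero-length packets, while 4 GiB + 5 sends five bytes and then stalls, which is why a guard on "packet size is zero while data remains" is a useful invariant to test for in similar loops.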

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| golang.org | x_crypto_golang.org_x_crypto_ssh | < 0.52.0 | 0.52.0 |
| golang.org | x_crypto_ssh | >= 0 < 0.52.0 | 0.52.0 |
| golang | crypto | < 0.52.0 | 0.52.0 |
| ubuntu | google-guest-agent | | |
| ubuntu | lxd | | |

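CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| vendor_ubuntu | | 9.1 | CRITICAL | |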