CVE-2026-39835
Published 2026-05-22
Priority: P4 · 26 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.27% (18.9th percentile)
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.
Affected
200 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| advanced-cluster-security | rhacs-main-rhel8 | — | — |
| advanced-cluster-security | rhacs-main-rhel9 | — | — |
| advanced-cluster-security | rhacs-operator-bundle | — | — |
| advanced-cluster-security | rhacs-rhel8-operator | — | — |
| advanced-cluster-security | rhacs-rhel9-operator | — | — |
| advanced-cluster-security | rhacs-roxctl-rhel8 | — | — |
| advanced-cluster-security | rhacs-roxctl-rhel9 | — | — |
| advanced-cluster-security | rhacs-scanner-rhel8 | — | — |
| advanced-cluster-security | rhacs-scanner-rhel9 | — | — |
| advanced-cluster-security | rhacs-scanner-slim-rhel8 | — | — |
| advanced-cluster-security | rhacs-scanner-slim-rhel9 | — | — |
| advanced-cluster-security | rhacs-scanner-v4-rhel8 | — | — |
| advanced-cluster-security | rhacs-scanner-v4-rhel9 | — | — |
| assisted | agent-preinstall-image-builder-rhel9 | — | — |
| buildah_project | buildah | — | — |
| cert-manager | jetstack-cert-manager-acmesolver-rhel9 | — | — |
| cert-manager | jetstack-cert-manager-rhel9 | — | — |
| compliance | openshift-security-profiles-operator-bundle | — | — |
| compliance | openshift-security-profiles-rhel8-operator | — | — |
| container-tools_rhel8 | buildah | — | — |
| container-tools_rhel8 | podman | — | — |
| cryostat | cryostat-storage-rhel9 | — | — |
| devspaces | traefik-rhel9 | — | — |
| devworkspace | devworkspace-project-clone-rhel9 | — | — |
| devworkspace | devworkspace-rhel9-operator | — | — |
CVSS provenance
nvd · v3.1 · 5.3 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
vendor_redhat · 5.3 MEDIUM
GHSA
golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow
ghsa·2026-06-25
CVE-2026-39835 [MEDIUM] CWE-295 golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow
Red Hat
golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
vendor_redhat·2026-05-22·CVSS 5.3
CVE-2026-39835 [MEDIUM] CWE-476 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
A flaw was found in golang.org/x/crypto/ssh. SSH servers configured to use CertChecker as a public key callback, without explicitly setting IsUserAuthority or IsHostAuthority, are vulnerable. A remote attacker can exploit this by presenting a specially crafted certificate, causing the server to panic and resulting in a Denial of Service (DoS).
Statement: This is an Important denial of service flaw in `golang.org/x/crypto/ssh` affect
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-39835 kubernetes1.33: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 kubernetes1.33: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-39835 podman: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 podman: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Discussion:
Hi Isaiah, can we update the CVE bug filing tool to ignore CVEs that are known to not affect redhat software? Is there ever a case where a bug is known to not affect anything yet a bz is justified?
Bugzilla
CVE-2026-39835 gh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 gh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
Bugzilla
CVE-2026-39835 podman-tui: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 podman-tui: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
Bugzilla
CVE-2026-39835 rootlesskit: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 rootlesskit: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 docker-buildx: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 docker-buildx: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 nuclei: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 nuclei: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 forgejo-runner: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 forgejo-runner: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 containers-common: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 containers-common: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 docker-buildkit: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 docker-buildkit: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 doctl: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 doctl: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 openbao: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 openbao: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 pack: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 pack: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
Bugzilla
CVE-2026-39835 vhs: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 vhs: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 DankMaterialShell: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 DankMaterialShell: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 buildah: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 buildah: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 podman-tui: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 podman-tui: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 nebula: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 nebula: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 age: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 age: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 opentofu: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 opentofu: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 matterbridge: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 matterbridge: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
Bugzilla
CVE-2026-39835 forgejo: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 forgejo: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
Bugzilla
CVE-2026-39835 gopass: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 gopass: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 gopass-jsonapi: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 gopass-jsonapi: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 inspektor-gadget: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 inspektor-gadget: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 kubernetes1.34: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 kubernetes1.34: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 trayscale: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 trayscale: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 matterbridge: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 matterbridge: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 trivy: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 trivy: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
Bugzilla
CVE-2026-39835 chezmoi: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 chezmoi: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
Bugzilla
CVE-2026-39835 vagrant: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 vagrant: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 golang-github-cloudflare-cfssl: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 golang-github-cloudflare-cfssl: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 cri-o1.31: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 cri-o1.31: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 pack: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 pack: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 cri-o1.34: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 cri-o1.34: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 golang-github-theoapp-theo-agent: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 golang-github-theoapp-theo-agent: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 singularity-ce: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 singularity-ce: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 incus: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 incus: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 headscale: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 headscale: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 gh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 gh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 complyctl: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 complyctl: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Bugzilla
CVE-2026-39835 moby-engine: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
CVE-2026-39835 [MEDIUM] CVE-2026-39835 moby-engine: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
Discussion:
moby [ docker-29.x][?⇣] Elapsed: 2s
❯ go mod why -m golang.org/x/crypto/ssh
# golang.org/x/crypto/ssh
(main module does not need module golang.org/x/crypto/ssh)
cli [ 29.x]
❯ go mod why -m golang.org/x/crypto/ssh
# golang.org/x/crypto/ssh
(main module does not need module golang.org/x/crypto/ssh)
Bugzilla
CVE-2026-39835 apptainer: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang-x-crypto: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 transifex-client: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 cri-o1.35: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 caddy: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang-github-cloudflare-redoctober: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 ollama: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 kubernetes1.35: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 clash-meta: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 openbao: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 kubernetes1.31: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 google-guest-agent: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 tailscale: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 forgejo: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 prometheus-podman-exporter: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 k9s: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Discussion:
golang.org/x/crypto/ssh is not used by k9s...
Bugzilla
CVE-2026-39835 docker-compose: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 prometheus-podman-exporter: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 age: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 restic: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang-github-francoispqt-gojay: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 apptainer: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 cri-o1.32: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 kubernetes1.32: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 nng: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 cheat: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang-x-crypto: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 kubernetes1.36: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 grype: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 rclone: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 cri-o1.33: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 cri-o1.30: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 gvisor-tap-vsock: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 clash-meta: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 chezmoi: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 jfrog-cli: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 singularity-ce: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 restic: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang-github-git-5: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 hcloud: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 kubernetes1.30: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 nuclei: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 trivy: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 gopass-hibp: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 cri-o: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 opkssh: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang-github-acme-lego: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 forgejo-runner: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [epel-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang-github-facebookincubator-go2chef: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate [fedora-all]
bugzilla·2026-06-26·CVSS 5.3
Bugzilla
CVE-2026-39835 golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
bugzilla·2026-05-22·CVSS 5.3
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.
https://go.dev/cl/781660
https://go.dev/issue/79563
https://groups.google.com/g/golang-announce/c/a082jnz-LvI
https://pkg.go.dev/vuln/GO-2026-5015
https://access.redhat.com/security/cve/CVE-2026-39835
https://bugzilla.redhat.com/show_bug.cgi?id=2480680
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39835.json
2026-05-22
Published