Labs
Short research notes on newly disclosed vulnerabilities: the problem, the payload, and the fix.
- critical CVE-2026-42508
CVE-2026-42508: golang.org/x/crypto/ssh/knownhosts CA Revocation Bypass
A bug in Go's SSH known_hosts library meant that a revoked CA signing key was never actually checked for revocation, letting an attacker impersonate any SSH host that CA had ever certified.
- critical CVE-2026-39834
CVE-2026-39834: golang.org/x/crypto/ssh Infinite Loop via Integer Overflow on Large Channel Write
Integer overflow in golang.org/x/crypto/ssh channel.Write allows a caller to trigger an infinite loop by passing a single buffer >4 GiB, causing CPU exhaustion (DoS).
- critical CVE-2026-46595
CVE-2026-46595: golang.org/x/crypto/ssh VerifiedPublicKeyCallback Source-Address Authorization Bypass
golang.org/x/crypto/ssh < 0.52.0 skips source-address enforcement when VerifiedPublicKeyCallback is set, allowing auth from blocked IPs. CVSS 10.
- critical CVE-2026-39830
CVE-2026-39830: golang.org/x/crypto/ssh Server Deadlock via Unsolicited Global Response
Malicious SSH peer sends unsolicited MSG_REQUEST_SUCCESS/FAILURE packets to block golang.org/x/crypto/ssh read loop, causing deadlock and resource leak.
- high CVE-2026-39829
CVE-2026-39829: golang.org/x/crypto/ssh RSA/DSA Key Size DoS
golang.org/x/crypto/ssh < 0.52.0 parses RSA/DSA public keys without size limits, letting unauthenticated clients trigger minutes-long CPU exhaustion.
- critical CVE-2026-39831
CVE-2026-39831: golang.org/x/crypto/ssh FIDO/U2F User Presence Check Bypass
golang.org/x/crypto/ssh skECDSA/skEd25519 Verify() never checked the FIDO UP flag, letting touch-free signatures authenticate on any server before v0.52.0.
- critical CVE-2026-55166
CVE-2026-55166: Lemur ACME SSRF + Creator IDOR leads to AWS IAM and PKI key compromise
Lemur <1.9.2: SSO auto-provision + unfiltered acme_url SSRF hits EC2 IMDS; creator-equality IDOR leaks private keys after ownership transfer. CVSS 9.9.
- critical CVE-2026-39832
CVE-2026-39832: golang.org/x/crypto/ssh/agent SSH Key Forwarding Constraint Bypass
golang.org/x/crypto/ssh/agent < 0.52.0 silently drops restrict-destination constraint extensions when forwarding SSH keys to a remote agent, enabling lateral movement.
- high CVE-2026-46597
CVE-2026-46597: golang.org/x/crypto/ssh AES-GCM Packet Decoder Integer Underflow DoS
golang.org/x/crypto/ssh < 0.52.0: a byte-to-uint32 arithmetic underflow in gcmCipher.readCipherPacket lets any client panic an SSH server.