New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Go

Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

GO-2026-5015 · CVE-2026-39835 · GHSA-78mq-xcr3-xm33

Published · Modified

Description

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

Ready to move

Start Securing

Free, no credit card | First findings in minutes