CVE-2026-39829

⚠️ high

Summary

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.

CVSS Score

7.5

High

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-22

First Seen: 2026-05-23

📊 Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 69.0% of all 325,680 vulnerabilities in our database.

#100,992

Above average severity

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 22, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Partial

Limited system impact

🏆 Discovered By

NCC Group Cryptography Services, sponsored by Teleport

SSVC data provided by CISA

Last Modified 2026-06-02

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE IDs (Weakness Types)

CWE-347

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
golang	crypto	Affected	< 0.52.0

🔗 References 5

https://go.dev/cl/781641

Issue Tracking

https://go.dev/cl/781661

Issue Tracking

https://go.dev/issue/79565

Issue Tracking

https://groups.google.com/g/golang-announce/c/a082jn...

Mailing List

https://pkg.go.dev/vuln/GO-2026-5018

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-39827	🔶 medium	6.5	0.0	An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory gr...	2026-05-22
CVE-2026-39828	🔶 medium	6.3	0.0	When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were...	2026-05-22
CVE-2026-39830	⛔ critical	9.1	0.1	A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection...	2026-05-22
CVE-2026-39831	⛔ critical	9.1	0.0	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did...	2026-05-22
CVE-2026-39832	⛔ critical	9.1	0.1	When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serializ...	2026-05-22
CVE-2026-39833	⛔ critical	9.1	0.0	The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enf...	2026-05-22

These CVEs affect the same products