golang.org/x/crypto/ssh: CertChecker nil callback panic <0.52.0
CVE-2026-39835 Published on May 22, 2026

Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

NVD

Vulnerability Analysis

CVE-2026-39835 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.


Products Associated with CVE-2026-39835

Want to know whenever a new CVE is published for Red Hat products? stack.watch will email you.

Red Hat Assisted Installer
 
Red Hat Openshift Builds
 
Red Hat Cert Manager
 
Red Hat Confidential Compute Attestation
 
Red Hat Cryostat
 
Red Hat External Secrets Operator
 
Red Hat Multicluster Engine
 
Red Hat Openshift Api Data Protection
 
Red Hat Openshift Pipelines
 
Red Hat Serverless
 
Red Hat Acm
 
Red Hat Advanced Cluster Security
 
Red Hat Ceph Storage
 
Red Hat Edge Manager
 
Red Hat Enterprise Linux (RHEL)
 
Red Hat Openshift Ai
 
Red Hat Openshift
 
Red Hat Openshift Data Foundation
 
Red Hat Openshift Devspaces
 
Red Hat Devworkspace
 
Red Hat Windows Machine Config
 
Red Hat Openshift Gitops
 
Red Hat Openshift Service On Aws
 
Red Hat Container Native Virtualization
 
Red Hat Openstack
 
Red Hat Quay
 
Red Hat Trusted Artifact Signer
 
Red Hat Openshift Security Profiles Operator
 
Red Hat Zero Trust Workload Identity Manager
 

Affected Versions

golang.org/x/crypto/ssh: Assisted Installer for Red Hat OpenShift Container Platform 2: Builds for Red Hat OpenShift: cert-manager Operator for Red Hat OpenShift: Red Hat Confidential Compute Attestation: Red Hat Cryostat 4: External Secrets Operator for Red Hat OpenShift: Red Hat Multicluster Engine for Kubernetes: Red Hat OpenShift API for Data Protection: Red Hat OpenShift Pipelines: Red Hat OpenShift Serverless: Red Hat Advanced Cluster Management for Kubernetes 2: Red Hat Advanced Cluster Security 4: Red Hat Ceph Storage 9: Red Hat Edge Manager 1: Red Hat Enterprise Linux 10: Red Hat Enterprise Linux 8: Red Hat Enterprise Linux 9: Red Hat OpenShift AI (RHOAI): Red Hat OpenShift Container Platform 4: Red Hat Openshift Data Foundation 4: Red Hat OpenShift Dev Spaces: Red Hat OpenShift Dev Workspaces Operator: Red Hat OpenShift for Windows Containers: Red Hat OpenShift GitOps: Red Hat OpenShift on AWS: Red Hat OpenShift Virtualization 4: Red Hat OpenStack Platform 16.2: Red Hat OpenStack Platform 18.0: Red Hat Quay 3: Red Hat Trusted Artifact Signer: Red Hat Security Profiles Operator: Red Hat Zero Trust Workload Identity Manager: Red Hat Zero Trust Workload Identity Manager - Tech Preview: Red Hat OpenStack Platform 17.1:

Exploit Probability

EPSS
0.21%
Percentile
10.85%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.