Improper Enforcement of Message Integrity During Transmission in a Communication Channel in github.com/golang/crypto

CVE-2026-39827

github.com/golang/crypto
golang.org/x/crypto

Medium

6.5/10

Summary

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for garbage collection. The issue affects versions prior to 0.52.0

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

The software establishes a communication channel with an endpoint and receives a message from that endpoint, but it does not sufficiently ensure that the message was not modified during transmission.

References

Advisory Timeline

Published May 22, 2026

Improper Enforcement of Message Integrity During Transmission in a Communication Channel in github.com/golang/crypto

CVE-2026-39827

Summary

CWE-924 - Improper Enforcement of Message Integrity During Transmission in a Communication Channel

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS