CVE-2026-39830
9.1 CRITICAL
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop
Published: 2026-05-22 · Last updated: 2026-06-02
Severity and scoring
- CVSS: 9.1 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
- CWE: CWE-119
Affected products
| Vendor | Product |
|---|---|
| golang | crypto |
Description
A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded.
Source: NVD
Related CVEs
Same vendor
- CVE-2026-42506 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-42502 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-39821 — The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label (9.6 CRITICAL)
- CVE-2026-27136 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
- CVE-2026-25681 — Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree (6.1 MEDIUM)
Same CWE
- CVE-2026-0409 — A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Intern...
- CVE-2026-11623 — A security vulnerability has been detected in tmux up to 3.6a (4.5 MEDIUM)
- CVE-2026-11557 — A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9 (8.8 HIGH)
- CVE-2026-11553 — A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon (8.8 HIGH)
- CVE-2026-11528 — A vulnerability was found in Tenda AC18 15.03.05.05 (8.8 HIGH)