Listen to this Post
How CVE-2026-39835 Works
The vulnerability resides in the `golang.org/x/crypto/ssh` package, a widely-used library implementing SSH clients and servers in Go. Specifically, it affects the `CertChecker` type, which is responsible for validating SSH certificates presented by clients during the authentication phase.
When an SSH server uses `CertChecker` as a public key callback, it must set either the `IsUserAuthority` or `IsHostAuthority` field to define which certificate authorities (CAs) are trusted. These fields are function pointers that the `CertChecker` invokes to determine whether a given certificate is signed by a trusted authority.
In vulnerable versions (before v0.52.0), if a server configures a `CertChecker` but leaves both `IsUserAuthority` and `IsHostAuthority` as nil, the `CertChecker` does not handle this misconfiguration gracefully. When a client presents an SSH certificate during the `CheckHostKey` or authentication flow, the `CertChecker` attempts to call these nil function pointers. In Go, calling a nil function pointer results in a runtime panic, which crashes the server process.
An unauthenticated attacker can exploit this by connecting to the vulnerable server and presenting any SSH certificate (even a self-signed or invalid one). The server will attempt to validate the certificate, hit the nil callback, and panic — causing a denial of service (DoS). The crash affects all connected users and renders the service unavailable until the process is restarted.
The vulnerability is triggered purely by the client’s ability to present a certificate; no prior authentication is required. The attack vector is network-based, with low attack complexity and no special requirements. This makes it particularly dangerous for publicly exposed SSH servers.
The fix, implemented in version v0.52.0, changes the behavior so that `CertChecker` returns an explicit error instead of panicking when these callbacks are nil. This allows the server to handle the error gracefully and reject the client without crashing. The vulnerability was discovered and reported by NCC Group Cryptography Services, sponsored by Teleport.
DailyCVE Form
| Field | Value |
|-|-|
| Platform | golang.org/x/crypto/ssh |
| Version | < v0.52.0 |
| Vulnerability | Nil callback panic |
| Severity | Moderate (CVSS 8.7) |
| Date | 2026-05-22 |
| Prediction | Patch expected 2026-05-22 |
What Undercode Say
Analytics:
- EPSS Score: 0.02% (6th percentile) — low probability of active exploitation
- CVSS v3.1 Base Score: 8.7 (High) — Network exploitable, low complexity, no privileges required
- CWE: CWE-248 (Uncaught Exception) / CWE-295 (Improper Certificate Validation)
- Affected Range: All versions of `golang.org/x/crypto/ssh` before v0.52.0
- Fix Version: v0.52.0
Bash Commands & Code:
Check your current version go list -m golang.org/x/crypto Update to the patched version go get golang.org/x/[email protected] Verify the update go mod tidy go list -m golang.org/x/crypto
Vulnerable Code Example:
// VULNERABLE: Both callbacks are nil
checker := &ssh.CertChecker{
// IsUserAuthority and IsHostAuthority are not set
}
config := &ssh.ServerConfig{
PublicKeyCallback: checker.Authenticate,
// ...
}
Fixed Code Example:
// FIXED: Set at least one authority callback
checker := &ssh.CertChecker{
IsUserAuthority: func(cert ssh.Certificate) bool {
// Implement authority validation logic
return true
},
// Or set IsHostAuthority similarly
}
config := &ssh.ServerConfig{
PublicKeyCallback: checker.Authenticate,
// ...
}
Exploit
An attacker can trigger the panic by connecting to a vulnerable SSH server and presenting any certificate during authentication:
Connect with a crafted certificate (example using ssh client) ssh -o CertificateFile=./crafted-cert.pub user@vulnerable-server
The server will crash with a panic similar to:
panic: runtime error: invalid memory address or nil pointer dereference [signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x...] goroutine ... [bash]: golang.org/x/crypto/ssh.(CertChecker).Authenticate(...) /path/to/crypto/ssh/certificate.go:...
Because no authentication is required to trigger the crash, the attack is trivial to execute from any network position. The crash affects all connected users and requires manual or automated process restart to restore service.
Protection
- Upgrade immediately to `golang.org/x/crypto/ssh` version v0.52.0 or higher.
- If upgrade is not possible, ensure that both `IsUserAuthority` and `IsHostAuthority` are properly set in any `CertChecker` instance used as a public key callback.
- Verify configuration by auditing all `ssh.ServerConfig` initializations for `CertChecker` usage.
- Implement process monitoring and automatic restart mechanisms as a temporary mitigation while patching.
- Consider network-layer access controls to restrict SSH access to trusted IP ranges, reducing exposure until patches are applied.
Impact
- Availability: High impact — server process crashes, causing complete DoS.
- Confidentiality: None — no data exposure.
- Integrity: None — no data modification.
- Authentication Bypass: None — the vulnerability does not grant access, only crashes the server.
- Attack Complexity: Low — simple certificate presentation triggers the panic.
- Privileges Required: None — unauthenticated remote attacker.
- User Interaction: None — fully automated exploitation possible.
- Scope: All vulnerable SSH servers using `CertChecker` without proper callback configuration are affected.
🎯Let’s Practice Exploiting & Learn Patching For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
