CVE-2026-39835

ADVISORY - nist

Summary

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

EPSS Score⁠: 0.00025 (0.076)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-295⁠

Improper Certificate Validation

Impacted images

Advisories

NIST

CREATED

8 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-39835⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-295⁠

CVSS SCORE

5.3medium

Debian

CREATED

5 days ago

UPDATED

4 days ago

ADVISORY IDCVE-2026-39835⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

7 days ago

UPDATED

1 day ago

ADVISORY IDCVE-2026-39835⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GoLang

CREATED

8 days ago

UPDATED

8 days ago

ADVISORY IDGO-2026-5015⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 hours ago

UPDATED

3 hours ago

ADVISORY ID

CGA-p8m7-4pf5-w9v8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY