CVE-2026-32952

ADVISORY - github

Summary

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue.

EPSS Score⁠: 0.00068 (0.210)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-190⁠

Integer Overflow or Wraparound

ADVISORY - github

CWE-190⁠

Integer Overflow or Wraparound

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.