CVE-2026-39835

ADVISORY - github

Summary

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

EPSS Scoreโ : 0.00273 (0.189)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Improper Certificate Validation

ADVISORY - github

Improper Certificate Validation

NULL Pointer Dereference


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in