CVE-2026-39835: Go SSH Library Server Panic Flaw
🟠High | Source: Microsoft Security Response Center CVE-2026-39835 is a vulnerability in the Go standard cryptography library (golang.org/x/crypto/ssh) that allows a remote attacker to trigger a server panic — effectively crashing the SSH server — during the host key check or authentication phase. This is a denial-of-service risk affecting any service or application built with this Go SSH package, including components deployed on Azure. It matters because a crash during authentication can be exploited without valid credentials, making it trivially weaponisable. ...