CVE Reports

Originally published at cvereports.com

CVE-2026-39827: Denial of Service via Unbounded Memory Growth in Go SSH (golang.org/x/crypto/ssh)

Vulnerability ID: CVE-2026-39827
CVSS Score: 6.5
Published: 2026-06-25

A memory leak in the Go SSH package (golang.org/x/crypto/ssh) lets an authenticated client exhaust a server's memory. Every channel-open request that the server rejects leaves its entry behind in the connection's channel list, so a client that keeps opening channels the server refuses grows that list without bound until the process runs out of memory and is killed.

TL;DR

Versions of golang.org/x/crypto/ssh before 0.52.0 leak memory for every channel-open request that the receiving side rejects. An authenticated client can send such requests in a loop to drive the server's memory consumption up until it fails (Denial of Service). Fixed in 0.52.0.
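To make the mechanism concrete, here is an added example (not the library's code, and deliberately simplified) that models the per-connection channel table as a slice with free-slot reuse, which is how I understand golang.org/x/crypto/ssh's chanList hands out local channel ids; the names channel, chanList, add and remove mirror the library, but the bodies are this page's illustration. rejectedOpens simulates a client that sends n channel-open requests the receiver refuses, once without removal (the pre-0.52.0 behaviour) and once with the remove call the fix adds:

```go
package main

import "fmt"

// channel stands for one pending or open SSH channel and the memory that
// hangs off it (window state, buffers, internal Go channels). The byte slice
// is a constructed stand-in for those allocations.
type channel struct {
	localId uint32
	buf     []byte
}

// chanList models the per-connection table that maps local channel ids to
// channels: a slice indexed by (localId - offset) with free-slot reuse.
// Assumed to mirror the library's chanList; this is an illustration, not its code.
type chanList struct {
	chans  []*channel
	offset uint32
}

// add stores ch in the first free slot, or appends a new one, and returns the local id.
func (c *chanList) add(ch *channel) uint32 {
	for i := range c.chans {
		if c.chans[i] == nil {
			c.chans[i] = ch
			ch.localId = uint32(i) + c.offset
			return ch.localId
		}
	}
	c.chans = append(c.chans, ch)
	ch.localId = uint32(len(c.chans)-1) + c.offset
	return ch.localId
}

// remove frees the slot so both the id and the channel's memory can be reused or collected.
func (c *chanList) remove(id uint32) {
	idx := int(id - c.offset)
	if idx >= 0 && idx < len(c.chans) {
		c.chans[idx] = nil
	}
}

// live counts entries still referenced by the table.
func (c *chanList) live() int {
	n := 0
	for _, ch := range c.chans {
		if ch != nil {
			n++
		}
	}
	return n
}

// rejectedOpens simulates n SSH_MSG_CHANNEL_OPEN requests that the receiving
// side refuses. removeOnReject=false is the pre-0.52.0 behaviour: the channel
// is added on open, Reject sends CHANNEL_OPEN_FAILURE, and nothing ever frees
// the slot. removeOnReject=true adds the chanList.remove call from the fix.
// It returns the table's slot count and how many entries are still live.
func rejectedOpens(n int, removeOnReject bool) (slots, liveEntries int) {
	list := &chanList{}
	for i := 0; i < n; i++ {
		ch := &channel{buf: make([]byte, 1024)}
		id := list.add(ch)
		// ... CHANNEL_OPEN_FAILURE goes back to the peer here ...
		if removeOnReject {
			list.remove(id)
		}
	}
	return len(list.chans), list.live()
}

func main() {
	slots, live := rejectedOpens(10000, false)
	fmt.Printf("before fix: %d slots, %d live entries after 10000 rejected opens\n", slots, live)
	slots, live = rejectedOpens(10000, true)
	fmt.Printf("after fix:  %d slots, %d live entries after 10000 rejected opens\n", slots, live)
}
```

One connection's table therefore grows by one entry (plus everything that entry references) per refused open, and the free-slot loop in add is why removal alone keeps the table at a single slot even under a flood: the freed id is simply handed to the next request.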


Technical Details

  • CWE ID: CWE-401
  • Attack Vector: Network (AV:N)
  • CVSS Score: 6.5 (Medium)
  • EPSS Score: 0.00196
  • Impact: Denial of Service (DoS) / Memory Exhaustion
  • Exploit Status: None (No public exploits)
  • KEV Status: Not listed

Affected Systems

  • Any Go server that uses golang.org/x/crypto/ssh to accept SSH connections and rejects channel-open requests it does not handle
  • Gitea SSH servers
  • Docker/Podman daemon SSH components
  • HashiCorp Vault SSH secrets engine
  • golang.org/x/crypto/ssh: < 0.52.0 (Fixed in: 0.52.0)

The product entries are examples of Go software that depends on the package. Whether a given deployment is exposed depends on the x/crypto version compiled into its binary and on whether that component receives channel-open requests from authenticated peers that it rejects.

Code Analysis

Commit: 6c195c8

ssh: remove rejected channels from connection's channel list

diff --git a/ssh/channel.go b/ssh/channel.go
index cc0bb7ab64..00e4cebb5d
--- a/ssh/channel.go
+++ b/ssh/channel.go
@@ -530,7 +530,17 @@ func (ch *channel) Reject(reason RejectionReason, message string) error {
        Language: "en",
    }
    ch.decided = true
-   return ch.sendMessage(reject)
+   err := ch.sendMessage(reject)
+
+   // Remove the channel from the mux to prevent memory leaks.
+   // Do not call ch.close() here: no goroutine holds a reference to a
+   // rejected channel's internal channels (msg, incomingRequests), so
+   // removing it from chanList is sufficient for GC. Calling close()
+   // would race with the mux loop goroutine (handlePacket or dropAll),
+   // causing a panic from closing an already-closed channel.
+   ch.mux.chanList.remove(ch.localId)
+
+   return err
 }
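Review bot: ch.mux.chanList.remove(ch.localId) is only safe if this code can run at most once per channel; the hunk sets ch.decided = true but the guard that turns away a second Accept/Reject call lives outside it, and once the slot is freed its localId can be handed to a later channel, which a repeat call would silently evict. Suggest either a comment next to the remove that ties it to that guard or a `decided` check adjacent to it. The comment should also say that removal from chanList makes the struct collectable only once the caller drops its own NewChannel handle, since ch is still referenced by whoever called Reject. The sendMessage-then-remove order, with err returned afterwards, is right: a failed send still leaves a channel that will never be accepted, so it must not stay in the list.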

Mitigation Strategies

  • Upgrade golang.org/x/crypto to version 0.52.0 or later.
  • Rebuild and redeploy every Go binary that links the package: Go binaries embed the dependency at build time, so updating go.mod alone changes nothing in what is already deployed.
  • Monitor for sessions that produce rapid bursts of rejected channel-open requests, and consider closing such connections; the leaked entries belong to the connection's channel list and are released with the rest of that connection's state.
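The monitoring item above can be turned into an enforced per-connection budget in the application's own channel loop, which is the one piece of this code path that an operator controls without touching the library. The following is an added example, not code from x/crypto/ssh or any of the products listed: RejectionReason, UnknownChannelType and NewChannel are minimal stand-ins for the library's types so the block runs without the dependency, RejectBudget is a hypothetical helper, and fakeChannel and simulateFlood are constructed test input. Because the leak is per connection, closing the connection after the budget is spent caps the damage on an unpatched build at a fixed number of stale entries; after patching the same counter remains a useful abuse signal.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
	"time"
)

// Minimal stand-ins for the parts of golang.org/x/crypto/ssh this loop touches,
// so the example runs without that dependency. In a real server the library's
// ssh.NewChannel, ssh.RejectionReason and ssh.UnknownChannelType take their place.
type RejectionReason uint32

const UnknownChannelType RejectionReason = 3

type NewChannel interface {
	ChannelType() string
	Reject(reason RejectionReason, message string) error
}

// ErrTooManyRejects tells the connection loop to close the transport.
var ErrTooManyRejects = errors.New("ssh: rejected channel-open budget exhausted, closing connection")

// RejectBudget bounds how many channel opens one authenticated connection may
// have rejected inside a window. Hypothetical helper, not part of x/crypto/ssh.
type RejectBudget struct {
	mu     sync.Mutex
	max    int
	window time.Duration
	count  int
	start  time.Time
	now    func() time.Time // injectable clock
}

func NewRejectBudget(max int, window time.Duration) *RejectBudget {
	return &RejectBudget{max: max, window: window, now: time.Now}
}

// Spend records one rejection and returns ErrTooManyRejects once more than
// max rejections have occurred within the current window.
func (b *RejectBudget) Spend() error {
	b.mu.Lock()
	defer b.mu.Unlock()
	t := b.now()
	if b.start.IsZero() || t.Sub(b.start) > b.window {
		b.start, b.count = t, 0
	}
	b.count++
	if b.count > b.max {
		return ErrTooManyRejects
	}
	return nil
}

// serveChannels is the per-connection loop an application runs over the chans
// value it gets back when the SSH handshake completes. Only "session" channels
// are accepted; anything else is rejected and charged to the budget. The caller
// closes the underlying connection when ErrTooManyRejects comes back.
func serveChannels(chans <-chan NewChannel, budget *RejectBudget, accept func(NewChannel)) error {
	for nc := range chans {
		if nc.ChannelType() != "session" {
			_ = nc.Reject(UnknownChannelType, "unknown channel type")
			if err := budget.Spend(); err != nil {
				return err
			}
			continue
		}
		accept(nc)
	}
	return nil
}

// fakeChannel is a constructed stand-in for a client's channel-open request.
type fakeChannel struct {
	typ      string
	rejected bool
}

func (f *fakeChannel) ChannelType() string                  { return f.typ }
func (f *fakeChannel) Reject(RejectionReason, string) error { f.rejected = true; return nil }

// simulateFlood feeds n "direct-tcpip" opens (which this server never accepts)
// through serveChannels and returns how many were rejected before the loop bailed.
func simulateFlood(n, max int) (rejected int, err error) {
	chans := make(chan NewChannel, n)
	opens := make([]*fakeChannel, n)
	for i := range opens {
		opens[i] = &fakeChannel{typ: "direct-tcpip"}
		chans <- opens[i]
	}
	close(chans)
	err = serveChannels(chans, NewRejectBudget(max, time.Minute), func(NewChannel) {})
	for _, o := range opens {
		if o.rejected {
			rejected++
		}
	}
	return rejected, err
}

func main() {
	rejected, err := simulateFlood(10000, 32)
	fmt.Printf("rejected %d opens before the loop returned: %v\n", rejected, err)
}
```

The budget is spent after the Reject call rather than before it, so the peer always receives a proper CHANNEL_OPEN_FAILURE for the request that tipped the limit; the connection-level close that follows is what actually bounds memory.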

Remediation Steps:

  1. Identify every internal Go project that imports 'golang.org/x/crypto/ssh' (for example with 'go list -deps ./... | grep golang.org/x/crypto/ssh' in each module) and every deployed binary built from them.
  2. Run 'go get golang.org/x/crypto@v0.52.0' in the root directory of each affected module to update go.mod and go.sum.
  3. Run 'go mod tidy' to reconcile the dependency tree.
  4. Rebuild the binaries, confirm the embedded version with 'go version -m <binary>' (the dep line for golang.org/x/crypto should read v0.52.0 or later), and redeploy.
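Because the vulnerable code is compiled into each binary, the useful fleet-wide check is against the artifacts rather than the source trees. The following added example (this page's own illustration, not a tool shipped with Go or the advisory) parses the output of 'go version -m' for a set of binaries and flags any whose golang.org/x/crypto dependency is older than v0.52.0. The output layout it assumes is the one the go tool prints: an unindented '<binary>: goX.Y' header followed by tab-indented 'dep' records, with a '=>' record marking a replace directive for the preceding dep. sampleGoVersionOutput is constructed input for three hypothetical binaries; a pre-release or pseudo-version with the fixed core (for example v0.52.0-0.2026...-abcdef) sorts before the release and is flagged as well:

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Module and first fixed version from the advisory.
const (
	vulnModule   = "golang.org/x/crypto"
	fixedVersion = "v0.52.0"
)

// Finding is one deployed binary that embeds a vulnerable x/crypto version.
type Finding struct {
	Binary  string
	Version string
}

// parseSemver splits "vMAJOR.MINOR.PATCH[-prerelease][+build]" into its numeric
// core and reports whether a pre-release (or Go pseudo-version) suffix was present.
func parseSemver(v string) (core [3]int, pre bool, ok bool) {
	v = strings.TrimPrefix(v, "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 {
		pre = v[i] == '-'
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) != 3 {
		return core, false, false
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return core, false, false
		}
		core[i] = n
	}
	return core, pre, true
}

// olderThan reports whether version a sorts before version b. A pre-release with
// the same core as b sorts before the release, so it counts as older (still vulnerable).
func olderThan(a, b string) (bool, error) {
	ca, preA, okA := parseSemver(a)
	cb, preB, okB := parseSemver(b)
	if !okA || !okB {
		return false, fmt.Errorf("cannot parse versions %q / %q", a, b)
	}
	for i := 0; i < 3; i++ {
		if ca[i] != cb[i] {
			return ca[i] < cb[i], nil
		}
	}
	return preA && !preB, nil
}

// findVulnerable scans `go version -m` output (assumed layout described above)
// and returns every binary whose x/crypto dependency is older than the fix.
func findVulnerable(goVersionOutput string) ([]Finding, error) {
	var findings []Finding
	var binary string
	pending := "" // x/crypto version seen for the current dep, not yet evaluated
	flush := func() error {
		if pending == "" {
			return nil
		}
		old, err := olderThan(pending, fixedVersion)
		if err != nil {
			return err
		}
		if old {
			findings = append(findings, Finding{Binary: binary, Version: pending})
		}
		pending = ""
		return nil
	}
	for _, line := range strings.Split(goVersionOutput, "\n") {
		if !strings.HasPrefix(line, "\t") {
			// Header line for the next binary: "<path>: go1.22.3".
			if err := flush(); err != nil {
				return nil, err
			}
			if i := strings.LastIndex(line, ": go"); i >= 0 {
				binary = line[:i]
			}
			continue
		}
		f := strings.Split(strings.TrimPrefix(line, "\t"), "\t")
		if len(f) < 3 {
			continue
		}
		switch f[0] {
		case "dep":
			if err := flush(); err != nil {
				return nil, err
			}
			if f[1] == vulnModule {
				pending = f[2]
			}
		case "=>":
			// A replace record follows the dep it overrides; if that dep was
			// x/crypto, the replacement's version is the one actually linked in.
			if pending != "" {
				pending = f[2]
			}
		}
	}
	if err := flush(); err != nil {
		return nil, err
	}
	return findings, nil
}

// Constructed sample of `go version -m` output for three hypothetical binaries.
const sampleGoVersionOutput = "./bin/gitserver: go1.22.3\n" +
	"\tpath\texample.com/gitserver\n" +
	"\tmod\texample.com/gitserver\t(devel)\n" +
	"\tdep\tgolang.org/x/crypto\tv0.51.0\th1:AAAA\n" +
	"\tdep\tgolang.org/x/sys\tv0.30.0\th1:BBBB\n" +
	"./bin/bastion: go1.22.3\n" +
	"\tpath\texample.com/bastion\n" +
	"\tmod\texample.com/bastion\t(devel)\n" +
	"\tdep\tgolang.org/x/crypto\tv0.52.0\th1:CCCC\n" +
	"./bin/agent: go1.22.3\n" +
	"\tpath\texample.com/agent\n" +
	"\tmod\texample.com/agent\t(devel)\n" +
	"\tdep\tgolang.org/x/crypto\tv0.50.0\th1:DDDD\n" +
	"\t=>\tgolang.org/x/crypto\tv0.52.0-0.20260620000000-abcdef123456\th1:EEEE\n"

func main() {
	findings, err := findVulnerable(sampleGoVersionOutput)
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s: %s %s is older than %s, rebuild required\n", f.Binary, vulnModule, f.Version, fixedVersion)
	}
}
```

In practice the input comes from 'go version -m' run over the deployed artifacts (one invocation can take several paths), which avoids trusting a go.mod that may no longer match what was shipped.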
