PatchSiren cyber security CVE debrief
CVE-2026-39829 golang.org/x/crypto CVE debrief
CVE-2026-39829 describes a denial-of-service issue in Go's RSA and DSA public key parsing and verification path. The parsers did not enforce size limits on key parameters, so an attacker could supply a crafted public key with an excessively large RSA modulus or DSA parameter and force several minutes of CPU consumption during signature verification. The issue could be triggered by unauthenticated clients during public key authentication.
- Vendor
- golang.org/x/crypto
- Product
- golang.org/x/crypto/ssh
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-22
- Original CVE updated
- 2026-05-22
- Advisory published
- 2026-05-22
- Advisory updated
- 2026-05-22
Who should care
Operators and developers using Go applications that accept untrusted public keys, especially services that perform public key authentication or signature verification on attacker-controlled input. Internet-facing systems are the highest concern because the trigger does not require prior authentication.
Technical summary
According to the supplied description, RSA public key moduli were not bounded and DSA parameters were not validated tightly enough, allowing pathological inputs to create expensive verification work. The stated fix limits RSA moduli to 8192 bits and validates DSA parameters per FIPS 186-2. The impact is CPU exhaustion rather than data theft or code execution, but the unauthenticated trigger makes it operationally important.
Defensive priority
High for exposed systems that use Go crypto parsing on untrusted input; moderate for internal or tightly controlled deployments. Prioritize if the affected code sits on authentication or other request paths that can be reached without prior trust.
Recommended defensive actions
- Review whether your Go-based services accept public key authentication or otherwise parse RSA/DSA public keys from untrusted clients.
- Apply the Go security fix referenced by the official announcement and package advisory GO-2026-5018 as soon as your maintenance process allows.
- If immediate patching is not possible, reduce exposure of public key authentication endpoints and rate-limit or isolate services that must remain reachable.
- Monitor for unusual CPU spikes or prolonged request handling in authentication flows that could indicate abuse of this issue.
- Confirm that any downstream products or embedded Go components are rebuilt or updated with the fixed Go release.
Evidence notes
All statements above are based on the supplied CVE description and the official Go references in the source corpus. The corpus explicitly states that the parsers lacked size limits, that crafted public keys could cause several minutes of CPU consumption during signature verification, that unauthenticated clients could trigger the issue during public key authentication, and that the fix limits RSA moduli to 8192 bits and validates DSA parameters per FIPS 186-2. No CVSS score or exploit details were provided in the corpus.
Official resources
Publicly disclosed on 2026-05-22 per the supplied CVE and NVD timestamps, with official Go security references included in the source corpus.