All vulnerabilities
CVE-2026-46597
golang.org/x/crypto/ssh: Invoking byte arithmetic causes underflow and panic
Description
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading
Score
7.5
Severity
High
Ecosystem
GO
Publish Date
June 25, 2026
Modified Date
June 25, 2026
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Versions
