CVE-2026-46598

golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic

Description

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Score

5.3

Severity

Medium

Ecosystem

GO

Publish Date

June 25, 2026

Modified Date

June 25, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Versions