Skip to content

ACK Detected Controllers CVEs #2949

Description

@ack-bot
CVE ID Type Severity Installed Version Fixed Version Affected Controllers Title
CVE-2026-25680 gobinary MEDIUM v0.47.0 0.55.0 ALL golang.org/x/net/html: golang.org/x/net/html: Denial of Service due to excessive HTML parsing
CVE-2026-39824 gobinary UNKNOWN v0.38.0 0.44.0 ALL Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows
CVE-2026-39828 gobinary HIGH v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions
CVE-2026-39830 gobinary HIGH v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
CVE-2026-39831 gobinary MEDIUM v0.45.0 0.52.0 [acm] The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nis ...
CVE-2026-39834 gobinary MEDIUM v0.45.0 0.52.0 [acm] When writing data larger than 4GB in a single Write call on an SSH cha ...
CVE-2026-46598 gobinary MEDIUM v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh/agent: golang: golang.org/x/crypto/ssh/agent: Denial of Service via malformed input
CVE-2026-39821 gobinary HIGH v0.47.0 0.55.0 ALL golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing
CVE-2026-39827 gobinary HIGH v0.45.0 0.52.0 [acm] An authenticated SSH client that repeatedly opened channels which were ...
CVE-2026-39832 gobinary HIGH v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
CVE-2026-46595 gobinary HIGH v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation
CVE-2026-25681 gobinary HIGH v0.47.0 0.55.0 ALL golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting
CVE-2026-42502 gobinary HIGH v0.47.0 0.55.0 ALL Parsing arbitrary HTML which is then rendered using Render can result ...
CVE-2026-27136 gobinary HIGH v0.47.0 0.55.0 ALL golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass
CVE-2026-33814 gobinary HIGH v0.47.0 0.53.0 ALL net/http/internal/http2: golang: golang.org/x/net: Go HTTP/2: Denial of Service via malformed SETTINGS_MAX_FRAME_SIZE frame
CVE-2026-42506 gobinary MEDIUM v0.47.0 0.55.0 ALL golang.org/x/net/html: golang.org/x/net/html: Cross-Site Scripting (XSS) via arbitrary HTML parsing
CVE-2026-39829 gobinary HIGH v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
CVE-2026-39835 gobinary HIGH v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
CVE-2026-42508 gobinary HIGH v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh/knownhosts: golang: golang.org/x/crypto/ssh/knownhosts: Revocation bypass via unchecked SignatureKey
CVE-2026-46597 gobinary HIGH v0.45.0 0.52.0 [acm] An incorrectly placed cast from bytes to int allowed for server-side p ...
CVE-2026-39833 gobinary MEDIUM v0.45.0 0.52.0 [acm] golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to unenforced key confirmation

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind/cveCategorizes issue or PR as related to CVE.prow/auto-genPRs related to prow auto generation automation

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions