CVE-2026-39829
Status: Analyzed - Analysis Complete
RSA Public Key Parsing Denial of Service via Large Modulus

Publication date: 2026-05-22

Last updated on: 2026-06-02

Assigner: Go Project

Description
The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public key authentication. RSA moduli are now limited to 8192 bits, and DSA parameters are validated per FIPS 186-2.
Meta Information
Published: 2026-05-22
Last Modified: 2026-06-02
Generated: 2026-06-11
AI Q&A: 2026-05-22
EPSS Evaluated: 2026-06-10
Affected Vendors & Products
Vendor | Product | Version / Range
golang | crypto | up to 0.52.0 (exclusive)
CWE ID | Description
CWE-347 | The product does not verify, or incorrectly verifies, the cryptographic signature for data.
Executive Summary

The vulnerability is in the RSA and DSA public key parsers of Go's golang.org/x/crypto package, which did not enforce size limits on key parameters.

An attacker can craft a public key with an excessively large modulus or DSA parameter, causing the signature verification process to consume several minutes of CPU time.

This excessive CPU consumption can be triggered by unauthenticated clients during public key authentication.

To mitigate this, RSA moduli are now limited to 8192 bits, and DSA parameters are validated according to FIPS 186-2 standards.

Impact Analysis

This vulnerability can lead to a denial-of-service (DoS) condition by causing excessive CPU consumption during signature verification.

Unauthenticated clients can exploit this by sending crafted public keys with large parameters, which can slow down or disrupt services relying on public key authentication.

Mitigation Strategies

To mitigate this vulnerability, upgrade the golang.org/x/crypto package to v0.52.0 or later, where the issue has been fixed.

The fix enforces size limits on RSA moduli (limited to 8192 bits) and validates DSA parameters according to FIPS 186-2 standards, preventing crafted public keys with excessively large parameters from causing excessive CPU consumption.

Updating your Go environment and any dependent packages that use the affected SSH functions (such as Dial, NewClientConn, ParseAuthorizedKey) will help prevent denial-of-service attacks triggered by unauthenticated clients during public key authentication.
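
As an added example (not code from golang.org/x/crypto or from this advisory), the Go code below applies the 8192-bit RSA limit described above to an authorized_keys-style line by reading the SSH wire encoding directly, which can be used to audit key files or to guard a service until it is upgraded. CheckRSAKeyLine and sampleKeyLine are hypothetical names, the sample key is constructed and non-functional, and lines carrying options before the key type are not handled.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

const maxRSAModulusBits = 8192 // limit stated in the advisory

// CheckRSAKeyLine sizes the modulus of an "ssh-rsa <base64>" line and rejects it before verification.
func CheckRSAKeyLine(line string) (int, error) {
	f := strings.Fields(line)
	if len(f) < 2 || f[0] != "ssh-rsa" {
		return 0, errors.New("not an ssh-rsa key line")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil {
		return 0, err
	}
	var n []byte
	for i := 0; i < 3; i++ { // wire fields: key type, exponent e, modulus n
		if len(blob) < 4 || uint64(binary.BigEndian.Uint32(blob)) > uint64(len(blob)-4) {
			return 0, errors.New("truncated key blob")
		}
		end := 4 + binary.BigEndian.Uint32(blob)
		n, blob = blob[4:end], blob[end:]
	}
	nbits := new(big.Int).SetBytes(n).BitLen() // linear in size, no modular arithmetic
	if nbits == 0 || nbits > maxRSAModulusBits {
		return nbits, fmt.Errorf("RSA modulus of %d bits is outside 1..%d", nbits, maxRSAModulusBits)
	}
	return nbits, nil
}

// sampleKeyLine builds a constructed key line with a modBytes-long modulus (sample input only).
func sampleKeyLine(modBytes int) string {
	blob := []byte("\x00\x00\x00\x07ssh-rsa\x00\x00\x00\x03\x01\x00\x01") // key type, e = 65537
	blob = binary.BigEndian.AppendUint32(blob, uint32(modBytes+1))
	blob = append(append(blob, 0x00, 0x80), make([]byte, modBytes-1)...) // sign pad, top bit set
	return "ssh-rsa " + base64.StdEncoding.EncodeToString(blob) + " constructed@example"
}

func main() {
	fmt.Println(CheckRSAKeyLine(sampleKeyLine(2048))) // constructed 16384-bit modulus
}
```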

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

The vulnerability involves crafted RSA or DSA public keys with excessively large parameters causing high CPU consumption during signature verification. Detection would involve monitoring for unusually high CPU usage during public key authentication attempts, especially from unauthenticated clients.

Since the vulnerability is triggered by public key authentication using malformed keys, one approach is to analyze SSH authentication logs for repeated or suspicious public key authentication attempts that coincide with CPU spikes.

Specific commands to detect this vulnerability are not provided in the available resources.
