CVE-2026-46598

MEDIUM5.3EPSS 0.05%

Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

Published: 5/22/2026Modified: 5/29/2026

Description

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L