CVE Vulnerabilities

CVE-2026-39835

Improper Certificate Validation

Published: May 22, 2026 | Modified: Jul 10, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil.

Weakness

The product does not validate, or incorrectly validates, a certificate.

Affected Software

NameVendorStart VersionEnd Version
CryptoGolang*0.52.0 (excluding)
Red Hat Enterprise Linux 10RedHatbuildah-2:1.43.1-3.el10_2*
Red Hat Enterprise Linux 10RedHatpodman-7:5.8.2-4.el10_2*
Red Hat Enterprise Linux 9RedHatpodman-6:5.8.2-4.el9_8*
Red Hat Enterprise Linux 9RedHatbuildah-2:1.43.1-3.el9_8*
RHEM 1.0 for RHEL 9RedHatflightctl-0:1.0.3-1.el9em*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-main-rhel8:1781686458*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-rhel8-operator:1781686458*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-roxctl-rhel8:1781686458*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-scanner-v4-rhel8:1781686458*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-scanner-rhel8:1782891789*
Red Hat Advanced Cluster Security for Kubernetes 4.10RedHatadvanced-cluster-security/rhacs-scanner-slim-rhel8:1782891789*
Red Hat Advanced Cluster Security for Kubernetes 4.11RedHatadvanced-cluster-security/rhacs-main-rhel9:1783352589*
Red Hat Advanced Cluster Security for Kubernetes 4.11RedHatadvanced-cluster-security/rhacs-operator-bundle:1783352589*
Red Hat Advanced Cluster Security for Kubernetes 4.11RedHatadvanced-cluster-security/rhacs-rhel9-operator:1783352589*
Red Hat Advanced Cluster Security for Kubernetes 4.11RedHatadvanced-cluster-security/rhacs-roxctl-rhel9:1783352589*
Red Hat Advanced Cluster Security for Kubernetes 4.11RedHatadvanced-cluster-security/rhacs-scanner-rhel9:1782925137*
Red Hat Advanced Cluster Security for Kubernetes 4.11RedHatadvanced-cluster-security/rhacs-scanner-slim-rhel9:1782925137*
Red Hat Advanced Cluster Security for Kubernetes 4.11RedHatadvanced-cluster-security/rhacs-scanner-v4-rhel9:1783352589*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-main-rhel8:1781686446*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-rhel8-operator:1781686446*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-roxctl-rhel8:1781686446*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-scanner-v4-rhel8:1781686446*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-scanner-rhel8:1782891812*
Red Hat Advanced Cluster Security for Kubernetes 4.9RedHatadvanced-cluster-security/rhacs-scanner-slim-rhel8:1782891812*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-alert-exporter-rhel9:1783502022*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-alertmanager-proxy-rhel9:1783502465*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-api-rhel9:1783502025*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-cli-artifacts-rhel9:1783502494*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-db-setup-rhel9:1783502401*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-pam-issuer-rhel9:1783502403*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-periodic-rhel9:1783502022*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-telemetry-gateway-rhel9:1783502023*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-userinfo-proxy-rhel9:1783502029*
Red Hat Edge Manager 1.0RedHatrhem/flightctl-worker-rhel9:1783502445*
Red Hat OpenShift Builds 1.7.4RedHatopenshift-builds/openshift-builds-controller-rhel9:1783057515*
Red Hat OpenShift Builds 1.7.4RedHatopenshift-builds/openshift-builds-git-cloner-rhel9:1783057529*
Red Hat OpenShift Builds 1.7.4RedHatopenshift-builds/openshift-builds-image-bundler-rhel9:1783057884*
Red Hat OpenShift Builds 1.7.4RedHatopenshift-builds/openshift-builds-image-processing-rhel9:1783058067*
Red Hat OpenShift Builds 1.7.4RedHatopenshift-builds/openshift-builds-waiters-rhel9:1783057868*
Red Hat OpenShift Builds 1.7.4RedHatopenshift-builds/openshift-builds-webhook-rhel9:1783058284*
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9:1782932114*
Red Hat Openshift Data Foundation 4.22RedHatodf4/cephcsi-rhel9-operator:1782931768*
Red Hat Openshift Data Foundation 4.22RedHatodf4/devicefinder-rhel9:1782932104*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-core-rhel9:1783536000*
Red Hat Openshift Data Foundation 4.22RedHatodf4/mcg-rhel9-operator:1783535989*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-console-rhel9:1783536515*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-client-rhel9-operator:1782932521*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-metrics-exporter-rhel9:1783018461*
Red Hat Openshift Data Foundation 4.22RedHatodf4/ocs-rhel9-operator:1783018421*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-blackbox-exporter-rhel9:1782932812*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cli-rhel9:1783537001*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cloudnative-pg-rhel9-operator:1782932919*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-console-rhel9:1783537586*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-cosi-sidecar-rhel9:1782932969*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-rhel9-operator:1782933015*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-csi-addons-sidecar-rhel9:1782933042*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-drbd-rhel9:1783537392*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-rhel9-operator:1782933235*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-external-snapshotter-sidecar-rhel9:1782933251*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-console-rhel9:1783537955*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-multicluster-rhel9-operator:1782933417*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-must-gather-rhel9:1783537742*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odf-rhel9-operator:1782933602*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-rhel9-operator:1783019377*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-mover-rhel9:1782934054*
Red Hat Openshift Data Foundation 4.22RedHatodf4/odr-volsync-plugin-rhel9-operator:1782934036*
Red Hat Openshift Data Foundation 4.22RedHatodf4/rook-ceph-rhel9-operator:1782934284*
Red Hat Trusted Artifact Signer 1.4RedHatconforma-cli-stack-v1-4-1.4.2*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/ctlog-monitor-rhel9:1783330572*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/rekor-monitor-rhel9:1783330572*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/cosign-rhel9:1783330691*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/fetch-tsa-certs-rhel9:1783326690*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/gitsign-rhel9:1783332061*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/rekor-cli-rhel9:1783332625*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/fulcio-rhel9:1783326847*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/rekor-backfill-redis-rhel9:1783332625*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/rekor-server-rhel9:1783332625*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/timestamp-authority-rhel9:1783326690*
Red Hat Trusted Artifact Signer 1.4RedHatconforma-cli-stack-v1-4-1.4.2*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/model-validation-rhel9-operator:1782992727*
Red Hat Trusted Artifact Signer 1.4RedHatrhtas/policy-controller-rhel9-operator:1782903492*
Golang-go.cryptoUbuntuquesting*
Google-guest-agentUbuntuquesting*
SnapdUbuntuquesting*

Potential Mitigations

References