CVE-2025-58181
Medium
False Positive
The golang.org/x/crypto/ssh package is a transitive dependency, but its SSH code paths are never invoked during KrakenD operation. The dependency was upgraded as a precaution.
Addressed through routine dependency maintenance in CE 2.12.1 and EE 2.12.1.
Component
x/crypto/ssh
Disclosed
Nov 21, 2025
The x/crypto/ssh package does not validate the number of mechanisms
specified in a GSSAPI authentication request. An unauthenticated attacker can send a
crafted request with an unbounded mechanism list, causing uncontrolled memory
allocation and exhausting server resources (DoS). Fixed in golang.org/x/crypto v0.45.0.
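
The missing check described above, shown as an added example that is not KrakenD or golang.org/x/crypto code: a parser for the mechanism list of a GSSAPI userauth request (a uint32 count followed by that many length-prefixed OIDs, per RFC 4462 section 3.2) that bounds the count before allocating. The names `parseMechs`, `errMechList` and the cap `maxMechs` are assumptions made for this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// maxMechs is an assumed cap for this example, not a value taken from x/crypto.
const maxMechs = 16

var errMechList = errors.New("gssapi: malformed or oversized mechanism list")

// parseMechs reads a uint32 count followed by that many length-prefixed OIDs,
// the mechanism-list layout of a GSSAPI userauth request (RFC 4462, section 3.2).
func parseMechs(p []byte) ([][]byte, error) {
	if len(p) < 4 {
		return nil, errMechList
	}
	n := binary.BigEndian.Uint32(p)
	p = p[4:]
	// Reject before allocating: apply the cap, and require at least a 4-byte
	// length prefix per claimed entry.
	if n > maxMechs || uint64(n)*4 > uint64(len(p)) {
		return nil, errMechList
	}
	mechs := make([][]byte, 0, n)
	for i := uint32(0); i < n; i++ {
		if len(p) < 4 {
			return nil, errMechList
		}
		l := binary.BigEndian.Uint32(p)
		p = p[4:]
		if uint64(l) > uint64(len(p)) {
			return nil, errMechList
		}
		mechs = append(mechs, p[:l])
		p = p[l:]
	}
	return mechs, nil
}

func main() {
	// Constructed inputs: one 3-byte placeholder OID, then a bare count of 2^32-1.
	m, err := parseMechs([]byte{0, 0, 0, 1, 0, 0, 0, 3, 0x06, 0x01, 0x2a})
	fmt.Println(len(m), err)
	_, err = parseMechs([]byte{0xff, 0xff, 0xff, 0xff})
	fmt.Println(err)
}
```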