CVE-2026-39827
Medium
False Positive
The golang.org/x/crypto/ssh package is a transitive dependency, but its SSH server
code paths are never invoked during KrakenD operation. The dependency was upgraded
as a precaution.
Addressed through routine dependency maintenance in CE 2.13.6 and EE 2.13.4.
Component
golang.org/x/crypto (SSH)
Disclosed
May 26, 2026
The golang.org/x/crypto/ssh server leaks memory when an authenticated client
repeatedly opens channels that are then rejected. Over time, the accumulated
leaked memory can exhaust server resources, leading to denial of service.