Flexibility, performance and robustness are defining KrakenD just to name a few, we were able to quickly and easily build a robust gateway for our systems and we keep enjoying it everyday.
Samy Lastmann
CTO / Smart Tribune
CVE-2026-39829
Medium
False Positivegolang.org/x/crypto/ssh package is a transitive dependency but its SSH server
code paths are never invoked during KrakenD operation. The dependency was upgraded
as a precaution.Addressed through routine dependency maintenance in CE 2.13.6 and EE 2.13.4.
Component
golang.org/x/crypto (SSH)
Disclosed
May 26, 2026
golang.org/x/crypto/ssh server can be crashed pre-authentication by a
client presenting pathological RSA or DSA key parameters. The malformed key
triggers excessive computation or a panic, enabling unauthenticated denial of
service.Stay up to date with KrakenD releases and important updates