CVE-2026-39831
Medium
False Positive
The golang.org/x/crypto/ssh package is a transitive dependency, but its SSH
authentication code paths are never invoked during KrakenD operation. The
dependency was upgraded as a precaution.
Addressed through routine dependency maintenance in CE 2.13.6 and EE 2.13.4.
Component
golang.org/x/crypto (SSH)
Disclosed
May 26, 2026
The golang.org/x/crypto/ssh client does not check the User Presence flag when
using FIDO/U2F authentication keys. This allows bypassing the physical interaction
requirement for FIDO/U2F keys, potentially enabling authentication without the
required hardware button press.
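The User Presence flag is one bit in the trailer that follows an OpenSSH security-key (sk-*) signature. The Go code below is an added example, not KrakenD or golang.org/x/crypto code: it shows the kind of policy check the description refers to. It assumes the trailer layout from OpenSSH's PROTOCOL.u2f (byte flags, uint32 counter); the function names and sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// FIDO authenticator-data flag bits carried in OpenSSH sk-* signatures.
const (
	flagUserPresent  = 0x01 // UP: the key was physically touched
	flagUserVerified = 0x04 // UV: PIN or biometric was checked
)

var errNoUserPresence = errors.New("sk signature: user presence flag not set")

// skTrailer is the data after the raw signature in an sk-ssh-ed25519 or
// sk-ecdsa-sha2-nistp256 signature blob: byte flags, uint32 counter (big endian).
type skTrailer struct {
	Flags   byte
	Counter uint32
}

func parseSKTrailer(rest []byte) (skTrailer, error) {
	if len(rest) != 5 {
		return skTrailer{}, fmt.Errorf("sk signature: trailer is %d bytes, want 5", len(rest))
	}
	return skTrailer{Flags: rest[0], Counter: binary.BigEndian.Uint32(rest[1:])}, nil
}

// requireUserPresence (hypothetical helper) is a policy check made in addition
// to cryptographic verification: a valid signature without UP is still refused.
func requireUserPresence(rest []byte) error {
	t, err := parseSKTrailer(rest)
	if err != nil {
		return err
	}
	if t.Flags&flagUserPresent == 0 {
		return errNoUserPresence
	}
	return nil
}

func main() {
	// Constructed trailers: UP set (counter 42), then UV only (counter 43).
	fmt.Println(requireUserPresence([]byte{0x01, 0, 0, 0, 0x2a}))
	fmt.Println(requireUserPresence([]byte{0x04, 0, 0, 0, 0x2b}))
}
```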