We began by creating a model with the community version to assess its capabilities. Once we confirmed that this tool met our needs, we opted for an enterprise license. Simply to benefit from tools that facilitate integration into our model and address specific requirements of our architecture in terms of security, data transformation, and authentication management.
Nicolas Gabetty
Senior Engineer / Coop Atlantique
CVE-2026-39834
Medium
False Positivegolang.org/x/crypto/ssh package is a transitive dependency but its SSH channel
code paths are never invoked during KrakenD operation. The dependency was upgraded
as a precaution.Addressed through routine dependency maintenance in CE 2.13.6 and EE 2.13.4.
Component
golang.org/x/crypto (SSH)
Disclosed
May 26, 2026
golang.org/x/crypto/ssh payload size calculation
causes an infinite loop when performing channel writes larger than 4 GB. This
can hang the affected goroutine indefinitely, consuming resources and potentially
causing denial of service.Stay up to date with KrakenD releases and important updates