ByteOS Network

CVE Vulnerability Details :

CVE-2026-32952

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-24 Apr, 2026 | 01:46

Updated At-24 Apr, 2026 | 16:29

▼CVE Numbering Authority (CNA)

go-ntlmssp NTLM challenges can panic on malformed payloads

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.

Affected Products

Vendor

Azure

Product

go-ntlmssp

Versions

Affected

< 0.1.1

Problem Types

Type	CWE ID	Description
CWE	CWE-190	CWE-190: Integer Overflow or Wraparound

Type: CWE

CWE ID: CWE-190

Description: CWE-190: Integer Overflow or Wraparound

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

Hyperlink	Resource
https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj	x_refsource_CONFIRM
https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1	x_refsource_MISC

Hyperlink: https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj

Resource:

x_refsource_CONFIRM

Hyperlink: https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References