For certain crafted inputs, a ed25519.PrivateKey was
created by casting malformed wire bytes, leading to a
panic when used.
Thanks to NCC Group Cryptography Services, sponsored by Teleport for reporting this issue.
This is CVE-2026-46598 and Go issue https://go.dev/issue/79596.
This was a PUBLIC track issue, tracked in http://b/515398597.
For certain crafted inputs, a
ed25519.PrivateKeywascreated by casting malformed wire bytes, leading to a
panic when used.
Thanks to NCC Group Cryptography Services, sponsored by Teleport for reporting this issue.
This is CVE-2026-46598 and Go issue https://go.dev/issue/79596.
This was a PUBLIC track issue, tracked in http://b/515398597.