CVE-2026-32952

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-32952

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-32952.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2026-32952

Aliases

GHSA-pjcq-xvwq-hhpj

Downstream

CLEANSTART-2026-AX33738

CLEANSTART-2026-BD19566

CLEANSTART-2026-BN28456

CLEANSTART-2026-CB00984

CLEANSTART-2026-CC08450

CLEANSTART-2026-EP10142

CLEANSTART-2026-GG06672

CLEANSTART-2026-GX87608

CLEANSTART-2026-GZ35045

CLEANSTART-2026-HK01840

CLEANSTART-2026-NS33477

CLEANSTART-2026-OF37807

CLEANSTART-2026-OU18540

CLEANSTART-2026-OX06093

CLEANSTART-2026-PM88731

CLEANSTART-2026-TK12973

CLEANSTART-2026-TX25294

CLEANSTART-2026-UO87758

DEBIAN-CVE-2026-32952

MINI-29jg-6xf5-vh84

MINI-32f8-w2f3-4w7p

MINI-32wv-8f3r-4c73

MINI-39v9-jcf7-wxgj

MINI-3q26-226w-33cc

MINI-3rgm-78wp-jvr6

MINI-3v97-5v8f-4rmm

MINI-44gg-j6wm-g57v

MINI-5f5r-84px-947x

MINI-5jqr-686j-f66m

MINI-6224-2m67-wfpc

MINI-62xw-3pxh-87qp

MINI-662w-8vv5-jhv9

MINI-66f3-qgxg-qgp7

MINI-6f29-jv5w-fjm5

MINI-6fv7-4hcc-pwfm

MINI-6pp6-55mx-47f6

MINI-6rp8-5fqp-g6mq

MINI-6rwv-cfv3-38xh

MINI-6v8p-7xvh-c4x3

MINI-8rh7-66q6-c48j

MINI-8v8v-qw7j-ggg2

MINI-95wx-mq3v-f969

MINI-974m-3rh6-wr55

MINI-996f-gmhf-6w62

MINI-997m-xm59-4hp2

MINI-c3hq-m2fx-gx32

MINI-cmxh-72x2-9hgq

MINI-crcr-c839-7r37

MINI-cvx9-2pvm-5v9h

MINI-f2cr-x74x-p837

MINI-f36x-rv8q-4gw2

MINI-f49v-2pgf-7vj9

MINI-fxrf-66v6-2654

MINI-g4p7-hcj8-g7vp

MINI-g86f-37xx-4vqf

MINI-gr6c-235w-4rq6

MINI-gr78-9886-7mj3

MINI-h7cg-5p9c-46f7

MINI-h94r-w9vj-qj59

MINI-hfq3-45cj-c33f

MINI-hp4v-wvvf-cgr6

MINI-hr9m-4prq-p8f3

MINI-j432-99vg-prg9

MINI-j993-g3rw-r23h

MINI-j9f2-r8gx-rg65

MINI-jgx3-4x2f-xmjp

MINI-jh98-7869-9q27

MINI-jv2r-j6qw-9qhc

MINI-m27r-746h-7vp2

MINI-m9xq-h2c3-3m9f

MINI-mh52-qwrr-4ffx

MINI-p3vc-pgpr-cgq7

MINI-p6hr-vrmv-7j6j

MINI-p7cp-vcrp-m2f2

MINI-p9vr-r3rv-3v5j

MINI-pghr-jgv5-4mwp

MINI-qcq6-24vv-3x7w

MINI-qfgp-pwwc-6hfj

MINI-qg7w-r7c7-q8jx

MINI-qwpp-6cf2-8vp5

MINI-qxfj-83f6-6hhw

MINI-r4vh-crph-wm4v

MINI-r6rw-pjch-qhmg

MINI-rp6x-xj7v-2982

MINI-v2m5-qwwj-qj3q

MINI-v9hc-qm2p-xg5q

MINI-vg74-rhq2-vr3p

MINI-wcrj-fxm3-8c9f

MINI-wg26-qm3m-46jf

MINI-wq86-xpc3-rww2

MINI-wq8f-4fgh-7xxr

MINI-wrff-r5jr-rfjw

MINI-x9fp-5ghp-cgvr

MINI-x9m3-q7f3-4cqj

MINI-xcjw-4cv9-8hpr

ROOT-APP-GOBINARY-CVE-2026-32952

UBUNTU-CVE-2026-32952

openSUSE-SU-2026:10672-1

openSUSE-SU-2026:10682-1

Related

Published

2026-04-24T01:46:31.573Z

Modified

2026-05-23T03:57:15.629914232Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

go-ntlmssp NTLM challenges can panic on malformed payloads

Details

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue.

Database specific

{
    "cwe_ids": [
        "CWE-190"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32952.json"
}

References

Affected packages

Git / github.com/azure/go-ntlmssp

Affected ranges

Type: GIT
Repo: https://github.com/azure/go-ntlmssp
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bd8579c18d41bf5d91a5f74b1117c958f635b866

Affected versions

v0.*

v0.0.1

v0.1.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-32952.json"