Zurück zur CVE-Übersicht
CVE-2026-39828
MEDIUM(6.3)CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Risk Signal Score16/100 — NIEDRIG
- CVSS 6.3 — Mittel
EPSS-Score
0%
Exploit-Wahrscheinlichkeit (30 Tage)
CVSS Score
6.3
Technische Schwere
Beschreibung
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.
GitHub Advisories
GHSA-45gg-vh54-h5m9MEDIUM
golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions
go/golang.org/x/crypto→ 0.52.0
GitHub AdvisoryReferenzen
- https://go.dev/cl/781621
- https://go.dev/issue/79562
- https://groups.google.com/g/golang-announce/c/a082jnz-LvI
- https://pkg.go.dev/vuln/GO-2026-5014
- https://access.redhat.com/errata/RHSA-2026:26546
- https://access.redhat.com/errata/RHSA-2026:26547
- https://access.redhat.com/errata/RHSA-2026:36105
- https://access.redhat.com/errata/RHSA-2026:36167
- https://access.redhat.com/errata/RHSA-2026:36207
- https://access.redhat.com/errata/RHSA-2026:36319