SecBoard
Zurück zur CVE-Übersicht

CVE-2026-39828

MEDIUM(6.3)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Risk Signal Score16/100 — NIEDRIG
  • CVSS 6.3 — Mittel

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

6.3

Technische Schwere

Beschreibung

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

GitHub Advisories

GHSA-45gg-vh54-h5m9MEDIUM

golang.org/x/crypto vulnerable to invoking bypass of certificate restrictions

go/golang.org/x/crypto0.52.0
GitHub Advisory

Referenzen