SecBoard
Zurück zur CVE-Übersicht

CVE-2026-46595

CRITICAL(10.0)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L

Risk Signal Score25/100 — MITTEL
  • CVSS 10 — Kritisch

EPSS-Score

0%

Exploit-Wahrscheinlichkeit (30 Tage)

CVSS Score

10

Technische Schwere

Beschreibung

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

GitHub Advisories

GHSA-x527-x647-q7ggCRITICAL

golang.org/x/crypto: Invoking VerifiedPublicKeyCallback permissions skip enforcement

go/golang.org/x/crypto0.52.0
GitHub Advisory

Referenzen