CVE-2026-39828

golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions

Description

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading

Score

6.3

Severity

Medium

Ecosystem

Publish Date

June 25, 2026

Modified Date

June 25, 2026

Score Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Versions