Skip to main content

golang.org/x/crypto/ssh CVE-2026-39831

| EUVDEUVD-2026-31395 CRITICAL
Missing Authorization (CWE-862)
2026-05-22 Go GHSA-89gr-r52h-f8rx
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE
CRITICAL
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jun 02, 2026 - 16:37 vuln.today
CVSS changed
Jun 02, 2026 - 16:37 NVD
9.1 (None) 9.1 (CRITICAL)
Patch available
May 22, 2026 - 04:31 EUVD
CVE Published
May 22, 2026 - 02:31 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback.

AnalysisAI

Authentication bypass in the Go x/crypto/ssh library (versions before 0.52.0) allows SSH servers to accept FIDO/U2F security key signatures that were generated without the required physical user touch. The Verify() method for sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com key types failed to check the User Presence flag, enabling unattended use of stolen or relayed hardware-token signatures. No public exploit identified at time of analysis and EPSS is very low (0.01%), but SSVC rates technical impact as total with automatable exploitation.

Technical ContextAI

The vulnerability lives in golang.org/x/crypto/ssh, the Go ecosystem's primary SSH implementation used by countless server tools, CI runners, bastions, and DevOps utilities (Terraform providers, Kubernetes tooling, Drone, etc.). FIDO/U2F SSH key types defined by OpenSSH embed a flags byte in each signature; bit 0x01 (User Presence) attests that the user physically touched the authenticator. Per CWE-862 (Missing Authorization), the library's Verify() routine for the sk-* SSH algorithms decoded the signature blob but never enforced that this flag was set, so signatures forged or captured without touch passed validation. The fix in https://go.dev/cl/781662 introduces a default touch-required check, with an opt-out via a 'no-touch-required' extension returned from PublicKeyCallback for callers that intentionally provisioned no-touch credentials.

RemediationAI

Vendor-released patch: golang.org/x/crypto v0.52.0. Update the module with 'go get golang.org/x/crypto@v0.52.0' (or higher) and rebuild and redeploy all SSH server binaries; the Go team's announcement at https://groups.google.com/g/golang-announce/c/a082jnz-LvI, issue tracker entry https://go.dev/issue/79566, and the fix CL https://go.dev/cl/781662 document the change. After upgrading, the library enforces user-presence by default; operators who legitimately enrolled no-touch FIDO credentials must explicitly opt back in by returning a 'no-touch-required' extension in Permissions.Extensions from their PublicKeyCallback, accepting the trade-off that those specific keys regain pre-patch behavior. If upgrading is blocked, a workable compensating control is to reject sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com algorithms in PublicKeyCallback and require traditional ed25519/ecdsa keys instead, at the cost of losing FIDO-backed SSH on those servers; further references at https://vuldb.com/vuln/365122 and https://pkg.go.dev/vuln/GO-2026-5019.

More in SSH

View all
CVE-2014-6271 CRITICAL POC
9.8 Sep 24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which

CVE-2014-6278 HIGH POC
8.8 Sep 30

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2014-7169 CRITICAL POC
9.8 Sep 25

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of

CVE-2012-6066 CRITICAL POC
9.3 Dec 04

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons

CVE-2014-6277 CRITICAL POC
10.0 Sep 27

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2023-25136 MEDIUM POC
6.5 Feb 03

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se

CVE-2016-6210 MEDIUM POC
5.9 Feb 13

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static

CVE-2015-5600 HIGH POC
8.1 Aug 03

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin

CVE-2016-6515 HIGH POC
7.5 Aug 07

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2012-5975 CRITICAL POC
9.3 Dec 04

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Module for HPC 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Server 15 SP6-LTSS Affected

Share

CVE-2026-39831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy