Skip to main content

golang.org/x/crypto CVE-2026-39832

| EUVDEUVD-2026-31390 CRITICAL
Deserialization of Untrusted Data (CWE-502)
2026-05-22 Go GHSA-f5wc-c3c7-36mc
9.1
CVSS 3.1 · Vendor: Go
Share

Severity by source

Vendor (Go) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
SUSE
CRITICAL
qualitative
Red Hat
8.7 HIGH
qualitative

Primary rating from Vendor (Go).

CVSS VectorVendor: Go

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
May 28, 2026 - 15:22 vuln.today
CVSS changed
May 28, 2026 - 15:22 NVD
9.1 (None) 9.1 (CRITICAL)
Patch available
May 22, 2026 - 04:31 EUVD
CVE Published
May 22, 2026 - 02:31 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.

AnalysisAI

Constraint extension stripping in the golang.org/x/crypto SSH agent client (versions prior to 0.52.0) allows remote SSH hosts to use forwarded keys without the destination restrictions the user intended. When clients added keys to a remote agent, extensions such as restrict-destination-v00@openssh.com were silently dropped during serialization, effectively converting scoped keys into unrestricted ones on downstream hosts. No public exploit identified at time of analysis and EPSS is very low (0.02%), but SSVC rates technical impact as total and automatable.

Technical ContextAI

The flaw resides in the SSH agent client implementation under golang.org/x/crypto/ssh/agent, a Go package widely embedded in SSH tooling, CI runners, bastions, and orchestration agents that need to forward keys. The Add code path failed to serialize SSH agent protocol constraint extensions (notably the OpenSSH restrict-destination-v00@openssh.com extension defined to bind a key to specific hop/host pairs) when sending the SSH_AGENTC_ADD_ID_CONSTRAINED message to a remote agent. Although tagged with CWE-502 (Deserialization of Untrusted Data) and the 'Deserialization' tag, the root cause is more accurately a serialization omission: constraint TLV blobs were not written into the request, so the remote agent received an unconstrained key. The companion fix also hardens the in-memory NewKeyring() to reject unknown constraint extensions rather than silently honoring keys as unrestricted.

RemediationAI

Vendor-released patch: golang.org/x/crypto v0.52.0 - upgrade the module via 'go get golang.org/x/crypto@v0.52.0' and rebuild all affected binaries, then redeploy (Go vulnerabilities are not fixed by runtime updates because the library is statically linked). Track the fix via the upstream change at https://go.dev/cl/778642, the announcement at https://groups.google.com/g/golang-announce/c/a082jnz-LvI, and the Go vulnerability database entry at https://pkg.go.dev/vuln/GO-2026-5006. As an interim compensating control until binaries are rebuilt, disable agent forwarding to untrusted hosts (ForwardAgent no in ssh_config and remove ssh -A invocations), or stop relying on destination restrictions and instead use short-lived signed certificates or per-host keys so that a stripped-constraint key still has limited blast radius; note this trade-off increases operational overhead but is the only effective workaround since the client silently misbehaves and cannot be reconfigured.

More in SSH

View all
CVE-2014-6271 CRITICAL POC
9.8 Sep 24

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which

CVE-2014-6278 HIGH POC
8.8 Sep 30

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2014-7169 CRITICAL POC
9.8 Sep 25

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of

CVE-2012-6066 CRITICAL POC
9.3 Dec 04

freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demons

CVE-2014-6277 CRITICAL POC
10.0 Sep 27

GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, whi

CVE-2023-25136 MEDIUM POC
6.5 Feb 03

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium se

CVE-2016-6210 MEDIUM POC
5.9 Feb 13

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static

CVE-2015-5600 HIGH POC
8.1 Aug 03

The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processin

CVE-2016-6515 HIGH POC
7.5 Aug 07

The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password a

CVE-2024-6387 HIGH POC
8.1 Jul 01

Remote code execution in OpenSSH's sshd server (regression of CVE-2006-5051) allows unauthenticated remote attackers to

CVE-2012-5975 CRITICAL POC
9.3 Dec 04

The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6

CVE-2023-48795 MEDIUM POC
5.9 Dec 18

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remot

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Leap 16.0 Fixed
openSUSE Tumbleweed Fixed
SLES15-SP6-CHOST-BYOS-GCE Fixed
SLES15-SP7-CHOST-BYOS-GCE Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed

Share

CVE-2026-39832 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy