8.8
CVE-2026-39828
- EPSS 0.31%
- Veröffentlicht 22.05.2026 02:31:26
- Zuletzt bearbeitet 09.07.2026 13:17:02
- Quelle security@golang.org
- CVE-Watchlists
- Unerledigt
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.233 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.3 | 2.8 | 3.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| 0b0ca135-0b70-47e7-9f44-1890c2a1c46c | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-281 Improper Preservation of Permissions
The product does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
https://go.dev/issue/79562
https://go.dev/cl/781621
https://bugzilla.redhat.com/show_bug.cgi?id=2480687
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-39828.json
https://groups.google.com/g/golang-announce/c/a082jnz-LvI
https://pkg.go.dev/vuln/GO-2026-5014
https://access.redhat.com/errata/RHSA-2026:26546
https://access.redhat.com/errata/RHSA-2026:26547
https://access.redhat.com/errata/RHSA-2026:36167
https://access.redhat.com/security/cve/CVE-2026-39828
https://access.redhat.com/errata/RHSA-2026:36319
https://access.redhat.com/errata/RHSA-2026:36207
https://access.redhat.com/errata/RHSA-2026:36625
https://access.redhat.com/errata/RHSA-2026:36648
https://access.redhat.com/errata/RHSA-2026:36105
https://access.redhat.com/errata/RHSA-2026:36651
https://access.redhat.com/errata/RHSA-2026:36796
https://access.redhat.com/errata/RHSA-2026:36797
https://access.redhat.com/errata/RHSA-2026:37271
https://access.redhat.com/errata/RHSA-2026:36808
https://access.redhat.com/errata/RHSA-2026:37268