CVE-2026-39828
Description
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
In golang.org/x/crypto, SSH server callbacks returning PartialSuccessError with non-nil Permissions silently drop certificate restrictions, enabling bypass of force-command constraints.
Vulnerability
In the golang.org/x/crypto SSH server implementation, when an authentication callback returns a PartialSuccessError with non-nil Permissions, those permissions are silently discarded. This affects certificate-based restrictions such as force-command that are encoded in the Permissions field. The vulnerability exists in versions before v0.52.0 of the package [1][2][3].
Exploitation
An attacker must authenticate to an SSH server that uses a callback returning PartialSuccessError with non-nil Permissions. The attacker presents a certificate that includes restrictions (e.g., a force-command constraint). After a second authentication factor succeeds, the server discards the Permissions, allowing the attacker to bypass the intended restrictions. No additional privileges or network position beyond normal SSH authentication are required [1][2][3].
Impact
Successful exploitation allows the attacker to execute commands or operations that should have been restricted by the certificate’s Permissions. For example, a force-command restriction intended to limit the user to a specific command is dropped, enabling arbitrary command execution with the authenticated user’s privileges. This can lead to privilege escalation or unauthorized access to resources [1][2][3].
Mitigation
The issue is fixed in golang.org/x/crypto version v0.52.0, released on 2026-05-22. The fix causes the server to return a connection error when a callback returns non-nil Permissions with PartialSuccessError, preventing the silent discard. No workaround is available; users must update to the patched version. The vulnerability is not listed in CISA’s Known Exploited Vulnerabilities catalog [1][2][3].
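As an added illustration, not code from golang.org/x/crypto: a self-contained Go model of the two-factor flow the advisory describes, using local stand-in types named after the library's Permissions and PartialSuccessError (an assumption about their shape, not the library's definitions). RunAuth reproduces both the old silent discard and the v0.52.0 connection error, and SafeFirstFactor shows the callback pattern that keeps force-command intact on any version: return nil Permissions with the partial success and hand the restrictions back from the final factor.

```go
package main

import "errors"

// Local stand-ins for the golang.org/x/crypto/ssh types the advisory names.
// Assumption: same field shapes as the library; this is not the library's code.
type Permissions struct {
	CriticalOptions map[string]string // certificate restrictions such as "force-command"
}

type AuthCallback func(user string) (*Permissions, error)

// PartialSuccessError: one factor passed, Next must succeed as well.
type PartialSuccessError struct{ Next AuthCallback }
func (e *PartialSuccessError) Error() string { return "ssh: partial success" }

// RunAuth drives a two-factor flow the way a server loop would. With strict set
// (the v0.52.0 behaviour) Permissions returned alongside PartialSuccessError are
// a connection error; unset, it reproduces the old silent discard.
func RunAuth(user string, first AuthCallback, strict bool) (*Permissions, error) {
	perms, err := first(user)
	var ps *PartialSuccessError
	if !errors.As(err, &ps) {
		return perms, err // plain success or failure
	}
	if perms != nil && strict {
		return nil, errors.New("ssh: permissions returned with partial success")
	}
	// Old behaviour: perms from the first factor are never merged; whatever the
	// second factor returns becomes the session's Permissions.
	return ps.Next(user)
}

// Constructed sample restrictions, standing in for what a certificate check yields.
func backupRestrictions() *Permissions {
	return &Permissions{CriticalOptions: map[string]string{"force-command": "/usr/bin/backup"}}
}

// SafeFirstFactor returns nil Permissions with the partial success and hands the
// restrictions back only from the final factor, so they survive the second factor.
func SafeFirstFactor(user string) (*Permissions, error) {
	restr := backupRestrictions()
	return nil, &PartialSuccessError{Next: func(string) (*Permissions, error) { return restr, nil }}
}

// UnsafeFirstFactor attaches the restrictions to the partial success; the second
// factor then answers with unrestricted Permissions.
func UnsafeFirstFactor(user string) (*Permissions, error) {
	return backupRestrictions(), &PartialSuccessError{Next: func(string) (*Permissions, error) { return &Permissions{}, nil }}
}
```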
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.