CVE-2026-39831
Description
The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The Verify() method for FIDO/U2F SSH key types in golang.org/x/crypto before v0.52.0 accepts signatures without requiring physical user presence, enabling unattended key use.
Vulnerability
In the golang.org/x/crypto module (specifically its ssh package), the Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com) did not check the User Presence flag. According to the relevant advisories [2][3], this allowed signatures generated without physical touch to be accepted. The issue affects versions of the module before v0.52.0.
Exploitation
An attacker with access to a machine where the SSH agent holds the FIDO/U2F key can trigger signature requests without requiring the user to physically touch the key. The Verify() method would accept the signature even when the User Presence flag was not set. No additional privileges or user interaction beyond the initial possession of the agent are needed [2][3].
Impact
Successful exploitation undermines the security guarantee of requiring physical presence for hardware security key authentication. An attacker can authenticate to remote SSH servers as the legitimate user without the user's active consent, potentially leading to unauthorized access and data compromise [2][3].
Mitigation
The fix is included in golang.org/x/crypto version v0.52.0. Users should update to this version or later. For those needing backward compatibility, the previous behavior can be restored by returning a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback, but this weakens security [2][3]. No other workarounds are documented.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
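The check whose absence the description above reports, sketched as an added example (not code from golang.org/x/crypto or from this page). It assumes the sk signature trailer layout of one flags byte followed by a big-endian uint32 counter, with User Presence as bit 0x01; parseSKTrailer and checkUserPresence are hypothetical names, and the extensions map stands in for Permissions.Extensions.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// flagUserPresence is the User Presence (UP) bit of the FIDO authenticator flags byte.
const flagUserPresence = 0x01

// skTrailer holds the fields that follow the raw signature in an sk-* SSH
// signature (assumed layout): one flags byte and a big-endian uint32 counter.
type skTrailer struct {
	Flags   byte
	Counter uint32
}

// parseSKTrailer decodes the 5-byte flags+counter trailer and rejects any other length.
func parseSKTrailer(rest []byte) (skTrailer, error) {
	if len(rest) != 5 {
		return skTrailer{}, errors.New("sk trailer: want 5 bytes (flags + counter)")
	}
	return skTrailer{Flags: rest[0], Counter: binary.BigEndian.Uint32(rest[1:])}, nil
}

// checkUserPresence (hypothetical helper) rejects a signature whose UP bit is clear.
// Assumption: the mere presence of "no-touch-required" in extensions is the opt-out.
func checkUserPresence(rest []byte, extensions map[string]string) error {
	t, err := parseSKTrailer(rest)
	if err != nil {
		return err
	}
	if _, optOut := extensions["no-touch-required"]; optOut {
		return nil
	}
	if t.Flags&flagUserPresence == 0 {
		return fmt.Errorf("sk signature rejected: user presence flag not set (flags=0x%02x, counter=%d)", t.Flags, t.Counter)
	}
	return nil
}

func main() {
	// Constructed trailers: flags byte followed by counter 7.
	fmt.Println(checkUserPresence([]byte{0x01, 0, 0, 0, 7}, nil))
	fmt.Println(checkUserPresence([]byte{0x00, 0, 0, 0, 7}, nil))
	fmt.Println(checkUserPresence([]byte{0x00, 0, 0, 0, 7}, map[string]string{"no-touch-required": ""}))
}
```

Only the second call returns an error; the third shows how the opt-out extension re-admits a no-touch signature, which is why it should be set per key and not globally.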
Affected products (1)
Patches (0)
No patches discovered yet.
References (4)
News mentions (0)
No linked articles in our index yet.