CVE-2026-39832
Description
When adding a key to a remote agent, constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SSH agent destination constraint extensions were not serialized when forwarding keys, allowing unrestricted key use; fixed by serializing all extensions and rejecting unsupported ones.
Vulnerability
In the Go x/crypto/ssh/agent package, when adding a key to a remote agent, constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. This allowed destination restrictions to be silently stripped when forwarding keys to a remote host, enabling unrestricted use of the forwarded key. The vulnerability affects versions before v0.52.0 of the package [2], [3].
Exploitation
An attacker who can cause a user to forward an SSH key via an agent can exploit this by receiving the key without the intended destination restrictions. The attacker does not need authentication beyond the forwarded key; any host to which the key is forwarded can use it without restriction. The original user assumes the destination constraints are enforced, but they are silently ignored.
Impact
Successful exploitation allows an attacker to use the forwarded SSH key on any remote host, bypassing intended destination restrictions. This leads to unauthorized access to systems that the key would normally be restricted from, resulting in potential information disclosure, privilege escalation, or lateral movement.
Mitigation
The vulnerability is fixed in golang.org/x/crypto v0.52.0 (and later) [2]. Users should update their dependency to this version or newer. The fix ensures all constraint extensions are serialized when forwarding keys, and the NewKeyring() function now rejects keys with unsupported constraint extensions instead of silently ignoring them [3]. No workaround is available other than updating.
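As an added example, not code from the x/crypto project or the advisory, here is a stand-alone Go encoder and parser for the constraint trailer of an agent add-key request: the encoder's extension loop is what the vulnerable client skipped, and the parser rejects unsupported extensions the way the fixed NewKeyring() keyring does. The tag value 255 and the length-prefixed layout are assumed from the SSH agent protocol draft, and only extension constraints are handled.

```go
package main

import "encoding/binary"
import "fmt"

// Values assumed from the SSH agent protocol draft (draft-miller-ssh-agent), not from the advisory.
const constrainExtension byte = 255 // SSH_AGENT_CONSTRAIN_EXTENSION
const destinationExt = "restrict-destination-v00@openssh.com"
// ConstraintExt is one extension constraint: a name plus opaque, length-prefixed details.
type ConstraintExt struct{ Name string; Details []byte }

func putString(b, s []byte) []byte {
	return append(binary.BigEndian.AppendUint32(b, uint32(len(s))), s...)
}

func getString(b []byte) (s, rest []byte, ok bool) {
	if len(b) < 4 || uint64(len(b)-4) < uint64(binary.BigEndian.Uint32(b)) {
		return nil, nil, false
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], true
}

// encodeConstraints builds the constraint trailer of SSH_AGENTC_ADD_ID_CONSTRAINED.
// The vulnerable client skipped this loop, so the agent stored the key unrestricted.
func encodeConstraints(exts []ConstraintExt) []byte {
	var out []byte
	for _, e := range exts {
		out = putString(putString(append(out, constrainExtension), []byte(e.Name)), e.Details)
	}
	return out
}

// parseConstraints decodes a trailer and, like the fixed keyring, fails on an extension
// outside supported rather than ignoring it; a client can run it on its own request.
func parseConstraints(trailer []byte, supported map[string]bool) ([]ConstraintExt, error) {
	var exts []ConstraintExt
	for len(trailer) > 0 {
		name, rest, ok1 := getString(trailer[1:])
		details, rest, ok2 := getString(rest)
		if trailer[0] != constrainExtension || !ok1 || !ok2 {
			return nil, fmt.Errorf("unhandled tag or truncated constraint at %d bytes from end", len(trailer))
		}
		if !supported[string(name)] {
			return nil, fmt.Errorf("unsupported constraint extension %q", name)
		}
		exts, trailer = append(exts, ConstraintExt{string(name), details}), rest
	}
	return exts, nil
}
```

Running parseConstraints over a request with an empty trailer and finding no destinationExt entry is exactly the silent loss of the restriction this CVE describes.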
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
Package: https://pypi.org/project/crypto
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.