CVE-2026-39833
Description
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The in-memory SSH agent keyring of golang.org/x/crypto silently ignores the ConfirmBeforeUse constraint, allowing signing without user confirmation.
Vulnerability
The in-memory keyring returned by NewKeyring() in golang.org/x/crypto silently accepted SSH keys with the ConfirmBeforeUse constraint but never enforced it [1], [2], [3]. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. This bug affected the golang.org/x/crypto package before version v0.52.0 [2].
Exploitation
An attacker who has already loaded a key with the ConfirmBeforeUse constraint into a victim's agent can request that the key sign arbitrary data. Since the constraint is never enforced, the signing proceeds without any user-interactive confirmation. No additional privileges or user interaction beyond having the constrained key in the agent are required for the attacker to exploit this behavior [1], [3].
Impact
An attacker can use a key that was expected to require per-use user confirmation to sign any data without the user's knowledge or consent. This defeats the security purpose of the ConfirmBeforeUse constraint, potentially leading to unauthorized authentication or signing operations [1], [2].
Mitigation
The vulnerability is fixed in golang.org/x/crypto version v0.52.0 [2]. Users should update to the fixed version. After the fix, NewKeyring() returns an error when unsupported constraints like ConfirmBeforeUse are requested, preventing initialization of a keyring that would silently ignore the constraint [1], [3]. No workaround is available; a full package update is required.
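To make the fail-closed behaviour concrete, the following Go program is an added illustration, not code from golang.org/x/crypto. It builds a small hypothetical in-memory keyring with the same request shape the agent API uses (an `AddedKey` with a `ConfirmBeforeUse` field) and contrasts the two code paths the description above talks about: a lenient `AddSilentlyIgnoring` that drops the constraint and signs anyway, and a strict `Add` that refuses the key with an explicit error because an agent without a user interface cannot honour the constraint. The `Keyring` type, the `Compare` helper and the key comment are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// ErrUnsupportedConstraint is returned when a caller asks for a constraint
// that this keyring cannot enforce. Refusing the key is the fail-closed
// behaviour the fixed release adopts in place of silently dropping it.
var ErrUnsupportedConstraint = errors.New("keyring: unsupported key constraint")

// AddedKey is a constructed stand-in for an agent "add key" request: the
// private key plus the constraints the caller expects to be honoured.
type AddedKey struct {
	PrivateKey       ed25519.PrivateKey
	Comment          string
	ConfirmBeforeUse bool
}

// Keyring is a hypothetical in-memory keyring (not the x/crypto type). It has
// no way to prompt a user, so the only honest response to ConfirmBeforeUse is
// an error.
type Keyring struct {
	keys map[string]ed25519.PrivateKey
}

// NewKeyring returns an empty in-memory keyring.
func NewKeyring() *Keyring {
	return &Keyring{keys: make(map[string]ed25519.PrivateKey)}
}

// AddSilentlyIgnoring models the pre-fix behaviour: the constraint is accepted
// and then forgotten, so the caller believes it is in effect when it is not.
func (k *Keyring) AddSilentlyIgnoring(key AddedKey) error {
	k.keys[key.Comment] = key.PrivateKey // ConfirmBeforeUse is never consulted
	return nil
}

// Add models the fixed behaviour: a key is stored only if every requested
// constraint can actually be enforced here.
func (k *Keyring) Add(key AddedKey) error {
	if key.ConfirmBeforeUse {
		return fmt.Errorf("%w: ConfirmBeforeUse needs an agent that can prompt the user", ErrUnsupportedConstraint)
	}
	k.keys[key.Comment] = key.PrivateKey
	return nil
}

// Sign signs data with the key stored under comment. There is no confirmation
// step, which is exactly why Add must reject ConfirmBeforeUse up front.
func (k *Keyring) Sign(comment string, data []byte) ([]byte, error) {
	priv, ok := k.keys[comment]
	if !ok {
		return nil, errors.New("keyring: no such key")
	}
	return ed25519.Sign(priv, data), nil
}

// Compare runs both code paths against a freshly generated key that was added
// with ConfirmBeforeUse set. It reports whether the lenient path produced a
// valid signature with no prompt (the bug) and whether the strict path
// refused the key (the fix).
func Compare() (lenientSigned bool, strictRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, err
	}
	req := AddedKey{PrivateKey: priv, Comment: "deploy@constructed", ConfirmBeforeUse: true}
	data := []byte("session identifier (constructed sample)")

	lenient := NewKeyring()
	if err := lenient.AddSilentlyIgnoring(req); err != nil {
		return false, false, err
	}
	sig, err := lenient.Sign(req.Comment, data)
	if err != nil {
		return false, false, err
	}
	lenientSigned = ed25519.Verify(pub, data, sig)

	strict := NewKeyring()
	strictRejected = errors.Is(strict.Add(req), ErrUnsupportedConstraint)
	return lenientSigned, strictRejected, nil
}

func main() {
	lenientSigned, strictRejected, err := Compare()
	if err != nil {
		panic(err)
	}
	fmt.Printf("pre-fix path signed without confirmation: %v\n", lenientSigned)
	fmt.Printf("fixed path rejected the constrained key:   %v\n", strictRejected)
}
```

The point of the comparison is the error surface: a caller that checks the return value of `Add` learns immediately that the constraint cannot be honoured, whereas the lenient path gives it no signal at all. When auditing an agent implementation, the check to look for is whether every constraint field in the add request is either enforced on the signing path or rejected at add time.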
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
Vulnerability mechanics: AI mechanics synthesis has not run for this CVE yet.
References: 5
News mentions: 0 (no linked articles in the index yet)