New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Go

Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh

GO-2026-5014 · CVE-2026-39828 · GHSA-45gg-vh54-h5m9

Published · Modified

Description

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

Ready to move

Start Securing

Free, no credit card | First findings in minutes