New: Corgea AI Pentesting — autonomous penetration testing in hours, not weeks
UNKNOWN Go

Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts

GO-2026-5021 · CVE-2026-42508 · GHSA-5cgq-3rg8-m6cv

Published · Modified

Description

Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked.

Ready to move

Start Securing

Free, no credit card | First findings in minutes