CVE-2026-39832

ADVISORY - nist

Summary

When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.

EPSS Score⁠: 0.0003 (0.089)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-502⁠

Deserialization of Untrusted Data

Impacted images

Advisories

NIST

CREATED

7 days ago

UPDATED

5 hours ago

ADVISORY IDCVE-2026-39832⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-502⁠

CVSS SCORE

9.1critical

Debian

CREATED

4 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-39832⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

6 days ago

UPDATED

3 hours ago

ADVISORY IDCVE-2026-39832⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GoLang

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY IDGO-2026-5006⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 hours ago

UPDATED

3 hours ago

ADVISORY ID

CGA-jw4w-5j43-rpwr

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY