CVE-2026-39833

ADVISORY - nist

Summary

The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.

EPSS Score⁠: 0.00033 (0.101)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-862⁠

Missing Authorization

Impacted images

Advisories

NIST

CREATED

7 days ago

UPDATED

5 hours ago

ADVISORY IDCVE-2026-39833⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-862⁠

CVSS SCORE

9.1critical

Debian

CREATED

4 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-39833⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

6 days ago

UPDATED

3 hours ago

ADVISORY IDCVE-2026-39833⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

GoLang

CREATED

7 days ago

UPDATED

7 days ago

ADVISORY IDGO-2026-5005⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

3 hours ago

UPDATED

3 hours ago

ADVISORY ID

CGA-h9w7-6ppp-6fx8

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY