CVE-2026-39828

ADVISORY - golang

Summary

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

Common Weakness Enumeration (CWE)

Impacted images

Advisories

GoLang

CREATED

3 hours ago

UPDATED

3 hours ago

ADVISORY IDGO-2026-5014⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY