CVE-2026-39831

⛔ critical

Summary

The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback.

CVSS Score

9.1

Critical

EPSS Score

0.0

Exploit Probability

Published Date

2026-05-22

First Seen: 2026-05-23

📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 87.7% of all 328,009 vulnerabilities in our database.

#40,306

Top 25% most severe

Severity Percentile

🎯 CISA SSVC Assessment Updated: May 22, 2026

🔍 Exploitation Status

None

No known exploits

⚙️ Automatable

YES

Can be exploited automatically

💥 Technical Impact

Total

Complete system compromise possible

🏆 Discovered By

NCC Group Cryptography Services, sponsored by Teleport

SSVC data provided by CISA

Last Modified 2026-06-02

Source NVD 🔗

CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE IDs (Weakness Types)

CWE-862

📦 Affected Products 1

Vendor	Product	Status	Affected Versions
golang	crypto	Affected	< 0.52.0

🔗 References 4

https://go.dev/cl/781662

Issue Tracking

https://go.dev/issue/79566

Issue Tracking

https://groups.google.com/g/golang-announce/c/a082jn...

Mailing List

https://pkg.go.dev/vuln/GO-2026-5019

Vendor Advisory

🔗 Related CVEs 6

CVE ID	Severity	CVSS	EPSS	Summary	Published
CVE-2026-39827	🔶 medium	6.5	0.0	An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory gr...	2026-05-22
CVE-2026-39828	🔶 medium	6.3	0.0	When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were...	2026-05-22
CVE-2026-39829	⚠️ high	7.5	0.0	The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessive...	2026-05-22
CVE-2026-39830	⛔ critical	9.1	0.1	A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection...	2026-05-22
CVE-2026-39832	⛔ critical	9.1	0.1	When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serializ...	2026-05-22
CVE-2026-39833	⛔ critical	9.1	0.0	The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enf...	2026-05-22

These CVEs affect the same products