CVE-2026-39832
EUVD-2026-3139022.05.2026, 04:16
When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| golang | crypto | 𝑥 < 0.52.0 |
𝑥
= Vulnerable software versions
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| amazon-ssm-agent |
| ||||||||||||||||
| apptainer |
| ||||||||||||||||
| apptainer-sle15_6 |
| ||||||||||||||||
| buildah |
| ||||||||||||||||
| google-guest-agent |
| ||||||||||||||||
| google-osconfig-agent |
|
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| containerd |
| ||||
| containerd-debuginfo |
| ||||
| containerd-debugsource |
| ||||
| containerd-stress |
| ||||
| containerd-stress-debuginfo |
| ||||
| nerdctl |
| ||||
| nerdctl-debuginfo |
| ||||
| rclone |
| ||||
| rclone-debuginfo |
| ||||
| rclone-debugsource |
| ||||
| runfinch-finch |
|
Azure Linux Releases
Common Weakness Enumeration
- CWE-502 - Deserialization of Untrusted DataThe application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
- CWE-281 - Improper Preservation of PermissionsThe software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.
Vulnerability Media Exposure
References