EUVD-2026-31398

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

GO-2026-5023 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

GO-2026-5019 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

PT-2026-42714

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if IsUserAuthority or IsHostAuthority are not set. A panic is a critical...

PT-2026-42716

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An authorization bypass exists in certain SSH server configurations. The issue occurs when a callback other than a public key is used, causing the source-address...

PT-2026-42799

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the OAuth token scope on the callback which allows an authenticated Mattermost user to gain access to private repositories via modifying the scope parameter in the GitHub authorization URL...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from an authorization bypass. If any type of callback other than a public key is passed,...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, where non-empty permissions are silently discarded when an Authentication callback returns...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Vulnerabilities exist in versions of Mattermost 11.6.0 and earlier 11.6.x series, as well as versions prior to 11.5.3 11.5.x series, 11.4.4 and earlier 11.4.x series, and 10.11.14 and earlier 10.11.x...

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which occurs when using CertChecker as a public key callback without setting IsUserAuthority or IsHos...

PT-2026-42801

Sunshine is a self-hosted game stream host for Moonlight. In versions prior to 2026.516.143833, the client-certificate authentication can be bypassed because of how OpenSSL verification results are handled. In src/crypto.cpp, the custom verify callback treats X509 V ERR UNABLE TO GET ISSUER CERT...

PT-2026-42710

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The Verify method for FIDO/U2F security key types [email protected] and [email protected] failed to check the User Presence flag. This...

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security bypass in pyOpenSSL [CVE-2026-27448, CVE-2026-27459]

Summary IBM Watson Speech Services Cartridge is vulnerable to a security bypass in pyOpenSSL due to a flaw allowing user provided callback to settlsextservernamecallback. This raises an unhandled exception, resulting in connections being accepted that could allow bypassing of security-sensitive...

CVE-2026-43496

In the Linux kernel, the following vulnerability has been resolved: net/sched: schred: Replace direct dequeue call with peek and qdiscdequeuepeeked When red qdisc has children eg qfq qdisc whose peek callback is qdiscpeekdequeued, we could get a kernel panic. When the parent of such qdiscs eg...

CVE-2026-22880

Mattermost Mobile Apps versions =2.37 11.4 2.0.37 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to properly validate the SSO authentication callback origin which allows an attacker controlling a malicious Mattermost server to steal user credentials for a legitimate Mattermost server via relaying the SSO...