Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.10 views

golang.org/x/crypto doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS6AI score0.00525EPSS
Exploits0References22Affected Software1
OSV
OSV
added 2026/06/25 10:14 p.m.4 views

GHSA-F5WC-C3C7-36MC golang.org/x/crypto doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS6AI score0.00525EPSS
Exploits0References22
EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31390

golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...

9.1CVSS5.8AI score0.00525EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.10 views

CVE-2026-39832

A flaw was found in golang.org/x/crypto/ssh/agent. When a key was added to a remote agent, security restrictions, known as constraint extensions, were not properly processed during the request. This allowed these restrictions to be silently removed when keys were forwarded, leading to the...

9.1CVSS5.8AI score0.00525EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:31 a.m.8 views

CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

5.9AI score0.00525EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.16 views

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

5.9AI score0.00525EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.82 views

CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

0.00525EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 2:8 a.m.9 views

GO-2026-5006 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS5.9AI score0.00525EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.20 views

PT-2026-42711

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Constraint extensions, such as [email protected], were not serialized in requests when adding a key to a remote agent. This caused destination...

9.1CVSS5.8AI score0.00525EPSS
Exploits0
Rows per page
Query Builder