Important: runfinch-finch

Issue Overview: An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state a...

CVE-2026-39831

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

GO-2026-5019 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

The Verify method for FIDO/U2F security key types [email protected], [email protected] did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior,...

PT-2026-42710

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The Verify method for FIDO/U2F security key types [email protected] and [email protected] failed to check the User Presence flag. This...

PT-2024-24606 · Tillitis · Tillitis Tkey Signer Device Application

Name of the Vulnerable Software and Affected Versions: Tillitis TKey signer device application versions prior to 1.0.0 Description: A vulnerability has been found in the Tillitis TKey signer device application, an ed25519 signing tool, which makes it possible to disclose portions of the TKey’s da...