5 matches found
EUVD-2026-31390
golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...
SUSE CVE-2026-39832
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
CVE-2026-39832
CVE-2026-39832 concerns how remote agent constraint extensions are serialized. The issue allowed destination restrictions (e.g., [email protected]) to be stripped when forwarding keys, effectively enabling unrestricted use of the key on the remote host. The description notes th...
CVE-2026-39832
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
CVE-2026-35042
fast-jwt provides fast JSON Web Token JWT implementation. In 6.1.0 and earlier, fast-jwt does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that fast-jwt does not understand, the library accepts the token...