CVE-2026-39828

216.73.217.22

· Published 22/05/2026 04:16 · Modified 22/05/2026 04:16

Labels: CVE-2026-39828 2026-05-22 CVE-2026-39828 [email protected]

Essential information

Published: 22/05/2026 04:16
Modified: 22/05/2026 04:16
Author: —
Creator: —
CISA KEV: No
CWE: —
CVSS vector

Description

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]
NVD: View on NVD

Affected products (CPE)

Product	CPE
golang / ssh	`cpe:2.3:a:golang:ssh::::::::`

CVE-2026-39828

Essential information

Description

NVD status

Affected products (CPE)

References