CVE-2026-39832

Gravedad:

Pendiente de análisis

Tipo:

No Disponible / Otro tipo

Fecha de publicación:

22/05/2026

Última modificación:

22/05/2026

Descripción

*** Pendiente de traducción *** When adding a key to a remote agent constraint extensions such as restrict-destination-v00@openssh.com were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.

Impacto

Referencias a soluciones, herramientas e información

https://go.dev/cl/778642
https://go.dev/issue/79435
https://groups.google.com/g/golang-announce/c/a082jnz-LvI
https://pkg.go.dev/vuln/GO-2026-5006