SSH Auth PartialSuccessError Permissions Discarded (golang.org/x/crypto/ssh <0.52.0)
CVE-2026-39828 Published on May 22, 2026

Bypass of certificate restrictions in golang.org/x/crypto/ssh
In versions of golang.org/x/crypto/ssh before 0.52.0, when an SSH server authentication callback returned a PartialSuccessError together with non-nil Permissions, those Permissions were silently discarded by the authentication loop. A server that returned certificate-derived Permissions from its first-factor callback (for example the CriticalOptions produced by a certificate check, such as force-command) and then required a second factor would therefore finish authentication without those restrictions: once the second factor succeeded, the session was governed only by whatever the second-factor callback returned. As of 0.52.0, returning non-nil Permissions with a PartialSuccessError is treated as a programming error and results in a connection error instead of a silently unrestricted session.
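To make the failure mode concrete, the following added example (it is not code from golang.org/x/crypto/ssh or from this advisory) models the server authentication loop with simplified stand-in types. The type names Permissions and PartialSuccessError and the callback shape are assumptions that mirror the library's API but are defined locally so the example runs offline; the key, password and force-command value are constructed. It shows the callback pattern the advisory describes losing the force-command restriction under the pre-0.52.0 loop, the fixed loop refusing the connection, and the safe pattern that keeps the restriction under both loops.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for the golang.org/x/crypto/ssh types of the same
// name (assumed shapes for this example, not the library's definitions).
// Permissions carries the certificate's critical options, e.g. "force-command".
type Permissions struct {
	CriticalOptions map[string]string
}

// AuthCallback has the shape of a server auth callback: it returns the
// Permissions granted by this factor or an error. A *PartialSuccessError
// means "this factor passed, continue with Next for the remaining factor".
type AuthCallback func(user string, credential []byte) (*Permissions, error)

type PartialSuccessError struct {
	Next AuthCallback
}

func (e *PartialSuccessError) Error() string {
	return "ssh: authenticated with partial success"
}

// Constructed credentials for the example.
var (
	certKey  = []byte("cert-signed-key-for-backup")
	password = []byte("second-factor-secret")
)

// certPerms stands in for what a certificate check (CertChecker.Authenticate
// in the real library) returns for a cert restricted to a single command.
func certPerms() *Permissions {
	return &Permissions{CriticalOptions: map[string]string{"force-command": "/usr/local/bin/backup"}}
}

// runAuth models the server's authentication loop over a chain of factors.
// strict=false behaves like x/crypto/ssh before 0.52.0: perms is rebound on
// every callback call, so Permissions returned alongside PartialSuccessError
// are dropped once the next factor succeeds. strict=true models the 0.52.0
// fix: that combination fails the connection.
func runAuth(first AuthCallback, user string, creds [][]byte, strict bool) (*Permissions, error) {
	cb := first
	for _, c := range creds {
		perms, err := cb(user, c)
		if err == nil {
			return perms, nil
		}
		var partial *PartialSuccessError
		if errors.As(err, &partial) {
			if strict && perms != nil {
				return nil, errors.New("ssh: PartialSuccessError returned with non-nil Permissions")
			}
			cb = partial.Next // pre-0.52.0: perms from this factor is lost here
			continue
		}
		return nil, err
	}
	return nil, errors.New("ssh: no acceptable authentication methods")
}

// buggyFirstFactor is the callback pattern the advisory describes: it returns
// the certificate's Permissions together with PartialSuccessError and relies
// on the library to keep them.
func buggyFirstFactor(user string, cred []byte) (*Permissions, error) {
	if string(cred) != string(certKey) {
		return nil, errors.New("ssh: unknown key")
	}
	return certPerms(), &PartialSuccessError{Next: passwordFactor(nil)}
}

// safeFirstFactor returns nil Permissions and hands the certificate's
// restrictions to the second-factor callback itself, so they survive on
// every library version.
func safeFirstFactor(user string, cred []byte) (*Permissions, error) {
	if string(cred) != string(certKey) {
		return nil, errors.New("ssh: unknown key")
	}
	return nil, &PartialSuccessError{Next: passwordFactor(certPerms())}
}

// passwordFactor verifies the second factor and returns the Permissions
// carried over from the first factor; with none carried, the session is
// unrestricted.
func passwordFactor(carried *Permissions) AuthCallback {
	return func(user string, cred []byte) (*Permissions, error) {
		if string(cred) != string(password) {
			return nil, errors.New("ssh: wrong password")
		}
		if carried == nil {
			return &Permissions{}, nil
		}
		return carried, nil
	}
}

// forceCommand reports the force-command restriction in effect for a session.
func forceCommand(p *Permissions) (string, bool) {
	if p == nil {
		return "", false
	}
	cmd, ok := p.CriticalOptions["force-command"]
	return cmd, ok
}

func main() {
	creds := [][]byte{certKey, password}
	for _, tc := range []struct {
		name   string
		first  AuthCallback
		strict bool
	}{
		{"buggy callback, pre-0.52.0 loop", buggyFirstFactor, false},
		{"buggy callback, fixed loop", buggyFirstFactor, true},
		{"safe callback, fixed loop", safeFirstFactor, true},
	} {
		p, err := runAuth(tc.first, "backup", creds, tc.strict)
		cmd, restricted := forceCommand(p)
		fmt.Printf("%-32s err=%v force-command=%q restricted=%v\n", tc.name, err, cmd, restricted)
	}
}
```

In the real library the first factor is typically ServerConfig.PublicKeyCallback backed by CertChecker.Authenticate, and PartialSuccessError.Next is a ServerAuthCallbacks struct holding the callbacks for the remaining factors. The safe pattern is the same as safeFirstFactor above: return nil Permissions with the PartialSuccessError and let the callback placed in Next return the certificate-derived Permissions, capturing them per connection since Next is built per connection. After upgrading to 0.52.0, a server that used the buggy pattern will start failing connections at the first factor; that error is the signal to move the Permissions into the Next callbacks rather than to relax the check.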

Vulnerability Analysis

CVE-2026-39828 is exploitable over the network, requires only low privileges (a client that can pass the first authentication factor, for example one holding a restricted certificate) and no user interaction, and has low attack complexity. The potential impact is rated high for confidentiality, integrity and availability, because a session that should have been confined by certificate restrictions such as force-command can instead run unrestricted.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 8.8, High)

Weakness Type

CWE-281: Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended. Here the object is the Permissions value produced by the first authentication factor: the authentication loop dropped it instead of carrying it through to the completed session.


Products Associated with CVE-2026-39828

Affected Versions

golang.org/x/crypto/ssh: versions before 0.52.0

Red Hat products associated with this CVE on the source page:
Assisted Installer for Red Hat OpenShift Container Platform 2
Builds for Red Hat OpenShift
cert-manager Operator for Red Hat OpenShift
Red Hat Confidential Compute Attestation
Red Hat Cryostat 4
External Secrets Operator for Red Hat OpenShift
Red Hat Multicluster Engine for Kubernetes
Red Hat OpenShift API for Data Protection
Red Hat OpenShift Pipelines
Red Hat OpenShift Serverless
Red Hat Advanced Cluster Management for Kubernetes 2
Red Hat Advanced Cluster Security 4
Red Hat Ceph Storage 9
Red Hat Edge Manager 1
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 9
Red Hat OpenShift AI (RHOAI)
Red Hat OpenShift Container Platform 4
Red Hat OpenShift Dev Spaces
Red Hat OpenShift Dev Workspaces Operator
Red Hat OpenShift for Windows Containers
Red Hat OpenShift GitOps
Red Hat OpenShift on AWS
Red Hat OpenShift Virtualization 4
Red Hat OpenStack Platform 16.2
Red Hat OpenStack Platform 18.0
Red Hat Quay 3
Red Hat Trusted Artifact Signer
Red Hat Security Profiles Operator
Red Hat Zero Trust Workload Identity Manager
Red Hat Zero Trust Workload Identity Manager - Tech Preview
Red Hat Enterprise Linux 8
Red Hat OpenShift Data Foundation 4
Red Hat OpenStack Platform 17.1

A product that merely ships this package is not necessarily exploitable: the bug is reachable only through an SSH server built on golang.org/x/crypto/ssh whose authentication callback returns Permissions together with a PartialSuccessError in a multi-factor chain. Components that use the package purely as an SSH client, or whose server does not use PartialSuccessError, are unaffected by this issue even though they should still take the updated version.

Exploit Probability

EPSS
0.17%
Percentile
6.90%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.