Bug 2480685 (CVE-2026-39832) - CVE-2026-39832 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: Security bypass due to improper handling of key restrictions
Summary: CVE-2026-39832 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: ...
Keywords:
Status: NEW
Alias: CVE-2026-39832
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2493051 2493052 2493053 2493054 2493055 2493056 2493057 2493059 2493061 2493063 2493064 2493065 2493068 2493069 2493070 2493071 2493072 2493073 2493076 2493077 2493078 2493079 2493080 2493083 2493085 2493087 2493089 2493090 2493091 2493093 2493094 2493095 2493096 2493097 2493058 2493060 2493062 2493066 2493067 2493074 2493075 2493081 2493082 2493084 2493086 2493088 2493092
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-05-22 04:02 UTC by OSIDB Bzimport
Modified: 2026-07-13 16:23 UTC (History)
60 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:35833 0 None None None 2026-07-06 04:52:46 UTC
Red Hat Product Errata RHSA-2026:36199 0 None None None 2026-07-07 13:00:25 UTC
Red Hat Product Errata RHSA-2026:36796 0 None None None 2026-07-08 15:51:13 UTC
Red Hat Product Errata RHSA-2026:37072 0 None None None 2026-07-09 05:14:39 UTC
Red Hat Product Errata RHSA-2026:37123 0 None None None 2026-07-09 07:15:43 UTC
Red Hat Product Errata RHSA-2026:37410 0 None None None 2026-07-09 18:37:43 UTC

Description OSIDB Bzimport 2026-05-22 04:02:03 UTC
When adding a key to a remote agent constraint extensions such as restrict-destination-v00 were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.

Comment 2 errata-xmlrpc 2026-07-06 04:52:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:35833 https://access.redhat.com/errata/RHSA-2026:35833

Comment 3 errata-xmlrpc 2026-07-07 13:00:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:36199 https://access.redhat.com/errata/RHSA-2026:36199

Comment 4 errata-xmlrpc 2026-07-08 15:51:10 UTC
This issue has been addressed in the following products:

  RHEM 1.0 for RHEL 9

Via RHSA-2026:36796 https://access.redhat.com/errata/RHSA-2026:36796

Comment 5 errata-xmlrpc 2026-07-09 05:14:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:37072 https://access.redhat.com/errata/RHSA-2026:37072

Comment 6 errata-xmlrpc 2026-07-09 07:15:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:37123 https://access.redhat.com/errata/RHSA-2026:37123

Comment 7 errata-xmlrpc 2026-07-09 18:37:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:37410 https://access.redhat.com/errata/RHSA-2026:37410


Note You need to log in before you can comment on or make changes to this bug.