CVE-2026-46595

Summary

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Affected Software

VendorProductVersion RangeStatus
golang.org/x/cryptogolang.org/x/crypto/ssh0 < 0.52.0affected

Weaknesses

  • CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Authorization bypass due to skipped source-address validation

Additional References

References