The Go security team published a coordinated batch of nine security fixes for golang.org/x/crypto — the extended cryptography library that provides SSH client and server implementations for Go applications — on 22 May 2026. The batch includes CVE-2026-46595 (CVSS 10.0), which re-opens CVE-2024-45337, a previously patched SSH authentication bypass for services using non-public-key authentication callback functions.
golang.org/x/crypto/ssh is a fundamental building block of Go infrastructure: it underpins SSH connectivity in Kubernetes components, cloud provider CLIs (including AWS, Google Cloud, and Azure CLI tools written in Go), CI/CD pipeline tooling, container orchestration systems, and countless enterprise Go applications. The simultaneous disclosure of nine vulnerabilities — three at CVSS 9.0 or above — makes this one of the most significant Go security events in recent years.
CVE-2026-46595: The Critical Auth Bypass (CVSS 10.0)
CVE-2026-46595 is a re-opening of CVE-2024-45337, a critical authentication bypass that was patched in late 2024. Applications using the ServerConfig.PublicKeyCallback function for SSH authentication were vulnerable to a bypass where an attacker could authenticate without a valid public key under specific callback return conditions.
The 2024 patch introduced a fix, but CVE-2026-46595 identifies a regression: the fix only applies to public key callbacks. Applications using keyboard-interactive authentication, password authentication, or custom authentication callback methods were not covered by the 2024 patch. An unauthenticated attacker can exploit this regression to authenticate to SSH services using these alternate methods without valid credentials.
Any Go application that implements an SSH server using golang.org/x/crypto/ssh and uses non-public-key authentication methods should be treated as potentially exposed to credential-less authentication until updated.
Other High-Severity CVEs in the Batch
CVE-2026-39831 (CVSS 9.1) — FIDO/U2F Presence Check Bypass: A flaw in the FIDO/U2F authentication support allows an attacker to bypass user presence verification, enabling authentication without the expected physical interaction with a security key.
CVE-2026-39834 (CVSS 9.1) — Integer Overflow on 4GB Write: An integer overflow in SSH packet handling when processing very large write operations (>4GB) can lead to memory corruption in the SSH session handler. Exploitable via a connected session.
CVE-2026-39833 (CVSS 9.1) — Keyring ConfirmBeforeUse Bypass: Authentication keyring entries marked with ConfirmBeforeUse can be used without triggering the expected confirmation prompt, enabling silently escalated access in applications relying on this confirmation mechanism for privilege gating.
The remaining five CVEs in the batch range from CVSS 4.3 to 7.8, covering denial-of-service conditions and information disclosure.
Enterprise Impact Assessment
The affected library appears in:
Kubernetes: Multiple Kubernetes components use golang.org/x/crypto/ssh for SSH-based node management and debugging. Kubernetes cluster management infrastructure running vulnerable versions requires updating.
CI/CD tooling: Tools like Drone CI, Woodpecker, and numerous Go-based CI runners use the library for SSH agent forwarding and repository connectivity.
Cloud provider CLIs: CLI tools written in Go for major cloud providers include transitive dependencies on golang.org/x/crypto. Check vendor-specific security bulletins for affected CLI tool versions.
Custom Go applications: Any Go application implementing an SSH server or client using the library directly. Applications should be rebuilt against golang.org/x/crypto v0.36.0 or later, which includes all nine fixes.
Remediation
Update golang.org/x/crypto to v0.36.0 or later in all affected Go applications:
go get golang.org/x/[email protected]
go mod tidyRebuild and redeploy all affected applications. For containerised deployments, rebuild container images with the updated dependency and redeploy.
For applications using SSH server functionality with non-public-key authentication: treat any instance that was accessible from untrusted networks on a vulnerable version as potentially compromised and audit SSH authentication logs for anomalous sessions.
Share this article