When an SSH server authentication callback returned
PartialSuccessError with non-nil Permissions, those
permissions were silently discarded, potentially
dropping certificate restrictions such as force-command
after a second factor succeeded. Returning non-nil
Permissions with PartialSuccessError now results in a
connection error.
Thanks to NCC Group Cryptography Services, sponsored by Teleport for reporting this issue.
This is CVE-2026-39828 and Go issue https://go.dev/issue/79562.
This was a PRIVATE track issue, tracked in http://b/503007173.
When an SSH server authentication callback returned
PartialSuccessError with non-nil Permissions, those
permissions were silently discarded, potentially
dropping certificate restrictions such as force-command
after a second factor succeeded. Returning non-nil
Permissions with PartialSuccessError now results in a
connection error.
Thanks to NCC Group Cryptography Services, sponsored by Teleport for reporting this issue.
This is CVE-2026-39828 and Go issue https://go.dev/issue/79562.
This was a PRIVATE track issue, tracked in http://b/503007173.