CVE-2026-39831 - Go x/crypto ssh FIDO presence bypass
golang.org/x/crypto/ssh before 0.52.0 accepts FIDO/U2F security-key
signatures without checking the User Presence flag. That means signatures
generated without a physical touch can be accepted when the application expects
human presence enforcement.
This is an authentication policy bypass for Go SSH server or verifier code that trusts hardware-key presence semantics.
When to use it
- A repository builds Go SSH servers, gateways, bastions, Git/CI access services, agent endpoints, or verifiers that accept FIDO/U2F SSH public keys.
- Authentication policy assumes user presence or physical touch for
sk-ecdsa-sha2-nistp256@openssh.comorsk-ssh-ed25519@openssh.comkeys. - Code uses
Permissions.Extensions["no-touch-required"], custom public-key callbacks, authorized principals, or SSH certificate policy. - You need a bounded PR or triage note that upgrades
x/cryptoand makes security-key no-touch behavior explicit.
Inputs
- Go modules, vendored trees, SSH auth code, public-key callbacks, certificate policy, authorized-principal mapping, SBOMs, generated reports, images, and runbooks.
- Resolved
golang.org/x/cryptoversions, accepted key types, no-touch extension policy, audit logs, privileged role mapping, and rollout owners. - Available
go test, auth regression tests, build, image build, SBOM, and dependency/security scan commands.
Affected versions
- Vulnerable:
golang.org/x/crypto/ssh <0.52.0 - Fixed:
0.52.0+ - Affected surface: FIDO/U2F SSH public-key verification
Indicator-of-exposure
- The repository resolves
golang.org/x/crypto <0.52.0. - Code accepts
sk-ecdsa-sha2-nistp256@openssh.comorsk-ssh-ed25519@openssh.comSSH keys. - Authentication policy assumes physical touch is required unless a specific no-touch extension is present.
Quick checks:
rg -n "sk-ecdsa|sk-ssh-ed25519|Verify\\(|PublicKeyCallback|Permissions\\.Extensions|no-touch-required" .
go list -m all | rg "golang.org/x/crypto"
Windows:
rg -n "sk-ecdsa|sk-ssh-ed25519|Verify\\(|PublicKeyCallback|Permissions\\.Extensions|no-touch-required" .
go list -m all | rg "golang.org/x/crypto"
Remediation strategy
- Upgrade
golang.org/x/cryptoto0.52.0+. - Review every SSH auth path that accepts FIDO/U2F key types.
- Make any intentional no-touch behavior explicit through permission extensions rather than relying on old implicit acceptance.
The prompt
Model context: this prompt was generated by GPT 5.5 Extra High reasoning.
You are remediating CVE-2026-39831 / GHSA-89gr-r52h-f8rx in Go SSH code. FIDO
and U2F signatures can be accepted without enforcing user presence. Produce
exactly one output:
- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
hardens security-key verification, adds regression tests, and documents
operator follow-up, or
- TRIAGE.md if this repository does not control an affected SSH auth path.
## Rules
- Scope only CVE-2026-39831 and directly related FIDO/U2F SSH verification.
- Treat hardware-key policy, authorized principals, and audit logs as
sensitive.
- Do not attempt live bypass validation against shared systems.
- Do not auto-merge.
## Steps
1. Inventory every Go module and binary controlled here that uses
`golang.org/x/crypto/ssh`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace security-key verification and any use of
`Permissions.Extensions["no-touch-required"]`.
4. If no affected path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add regression tests proving signatures without presence are rejected unless
the explicit no-touch extension is intended.
7. Add a PR body section named `CVE-2026-39831 operator actions` covering
versions before and after, key types reviewed, and validation that passed.
8. Run available validation: `go test`, builds, and dependency/security scans.
9. Use PR title:
`fix(sec): remediate Go SSH FIDO presence bypass`.
Verification - what the reviewer looks for
- No controlled binary resolves
golang.org/x/crypto/ssh <0.52.0. - Tests reject no-touch signatures unless explicitly allowed.
- Security-key policy is documented and intentional.
Output contract
- Reviewer-ready PR upgrading every controlled Go module, vendor tree, image,
generated report, and SBOM to
golang.org/x/crypto 0.52.0+. - Regression tests proving signatures without user presence fail unless an explicit, documented no-touch extension is intentionally allowed.
- Operator notes covering reviewed key types, privileged auth paths, certificate/principal policy, audit considerations, and rollout targets.
TRIAGE.mdwhen SSH auth runtime, vendored dependency, policy ownership, or deployment artifact control is outside this repository.
Watch for
- Assuming all security-key use should permit no-touch behavior.
- Updating the library but leaving custom verification wrappers with the old assumption.
Related recipes
- Go x/crypto ssh unsolicited response deadlock
- Go x/crypto ssh agent forwarded constraint loss
- CVE intelligence intake gate
References
- GitHub Advisory: https://github.com/advisories/GHSA-89gr-r52h-f8rx
- Go issue: https://go.dev/issue/79566
- Go fix: https://go.dev/cl/781662
- Go vuln entry: https://pkg.go.dev/vuln/GO-2026-5019