CVE-2026-39831 - Go x/crypto ssh FIDO presence bypass

golang.org/x/crypto/ssh before 0.52.0 accepts FIDO/U2F security-key signatures without checking the User Presence flag. That means signatures generated without a physical touch can be accepted when the application expects human presence enforcement.

This is an authentication policy bypass for Go SSH server or verifier code that trusts hardware-key presence semantics.

When to use it

  • A repository builds Go SSH servers, gateways, bastions, Git/CI access services, agent endpoints, or verifiers that accept FIDO/U2F SSH public keys.
  • Authentication policy assumes user presence or physical touch for sk-ecdsa-sha2-nistp256@openssh.com or sk-ssh-ed25519@openssh.com keys.
  • Code uses Permissions.Extensions["no-touch-required"], custom public-key callbacks, authorized principals, or SSH certificate policy.
  • You need a bounded PR or triage note that upgrades x/crypto and makes security-key no-touch behavior explicit.

Inputs

  • Go modules, vendored trees, SSH auth code, public-key callbacks, certificate policy, authorized-principal mapping, SBOMs, generated reports, images, and runbooks.
  • Resolved golang.org/x/crypto versions, accepted key types, no-touch extension policy, audit logs, privileged role mapping, and rollout owners.
  • Available go test, auth regression tests, build, image build, SBOM, and dependency/security scan commands.

Affected versions

  • Vulnerable: golang.org/x/crypto/ssh <0.52.0
  • Fixed: 0.52.0+
  • Affected surface: FIDO/U2F SSH public-key verification

Indicator-of-exposure

  • The repository resolves golang.org/x/crypto <0.52.0.
  • Code accepts sk-ecdsa-sha2-nistp256@openssh.com or sk-ssh-ed25519@openssh.com SSH keys.
  • Authentication policy assumes physical touch is required unless a specific no-touch extension is present.

Quick checks:

rg -n "sk-ecdsa|sk-ssh-ed25519|Verify\\(|PublicKeyCallback|Permissions\\.Extensions|no-touch-required" .
go list -m all | rg "golang.org/x/crypto"

Windows:

rg -n "sk-ecdsa|sk-ssh-ed25519|Verify\\(|PublicKeyCallback|Permissions\\.Extensions|no-touch-required" .
go list -m all | rg "golang.org/x/crypto"

Remediation strategy

  • Upgrade golang.org/x/crypto to 0.52.0+.
  • Review every SSH auth path that accepts FIDO/U2F key types.
  • Make any intentional no-touch behavior explicit through permission extensions rather than relying on old implicit acceptance.

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-39831 / GHSA-89gr-r52h-f8rx in Go SSH code. FIDO
and U2F signatures can be accepted without enforcing user presence. Produce
exactly one output:

- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
  hardens security-key verification, adds regression tests, and documents
  operator follow-up, or
- TRIAGE.md if this repository does not control an affected SSH auth path.

## Rules

- Scope only CVE-2026-39831 and directly related FIDO/U2F SSH verification.
- Treat hardware-key policy, authorized principals, and audit logs as
  sensitive.
- Do not attempt live bypass validation against shared systems.
- Do not auto-merge.

## Steps

1. Inventory every Go module and binary controlled here that uses
   `golang.org/x/crypto/ssh`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace security-key verification and any use of
   `Permissions.Extensions["no-touch-required"]`.
4. If no affected path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add regression tests proving signatures without presence are rejected unless
   the explicit no-touch extension is intended.
7. Add a PR body section named `CVE-2026-39831 operator actions` covering
   versions before and after, key types reviewed, and validation that passed.
8. Run available validation: `go test`, builds, and dependency/security scans.
9. Use PR title:
   `fix(sec): remediate Go SSH FIDO presence bypass`.

Verification - what the reviewer looks for

  • No controlled binary resolves golang.org/x/crypto/ssh <0.52.0.
  • Tests reject no-touch signatures unless explicitly allowed.
  • Security-key policy is documented and intentional.

Output contract

  • Reviewer-ready PR upgrading every controlled Go module, vendor tree, image, generated report, and SBOM to golang.org/x/crypto 0.52.0+.
  • Regression tests proving signatures without user presence fail unless an explicit, documented no-touch extension is intentionally allowed.
  • Operator notes covering reviewed key types, privileged auth paths, certificate/principal policy, audit considerations, and rollout targets.
  • TRIAGE.md when SSH auth runtime, vendored dependency, policy ownership, or deployment artifact control is outside this repository.

Watch for

  • Assuming all security-key use should permit no-touch behavior.
  • Updating the library but leaving custom verification wrappers with the old assumption.

References