CVE-2026-39833 - Go x/crypto ssh agent confirm constraint bypass
golang.org/x/crypto/ssh/agent before 0.52.0 lets NewKeyring() accept
keys with the ConfirmBeforeUse constraint but never actually enforce that
confirmation. Keys sign immediately, and callers receive no signal that the
constraint is ineffective.
This is a key-usage authorization failure for Go code that assumes in-memory agent keyrings honor confirmation prompts.
When to use it
Use this recipe when a Go service, CLI, Git helper, deployment tool, or agent
runner uses golang.org/x/crypto/ssh/agent and relies on confirm constraints
to require user approval before private-key signing. It is designed for
source-code remediation, SSH agent trust-boundary review, key-use approval
testing, and evidence that constrained keys cannot sign without confirmation.
Inputs
golang.org/x/cryptoversion, Go module/vendor state, SSH agent usage, forwarded-agent paths, key constraints, CLI/server call sites, and generated dependency or SBOM reports.- Source paths that call
agent.Sign,Signers, agent forwarding, Git/SSH operations, deploy helpers, or automation that can request signatures. - Regression fixtures for constrained keys, unconstrained keys, confirm required, denied confirmation, allowed confirmation, and no real private-key material in tests.
- Boundary evidence: private-key scope, forwarded agents, deploy/repository access, operator workflows, logs, key rotation owner, and rollout owner.
Affected versions
- Vulnerable:
golang.org/x/crypto/ssh/agent <0.52.0 - Fixed:
0.52.0+ - Affected surface: in-memory agent keyrings created with
NewKeyring()
Indicator-of-exposure
- The repository resolves
golang.org/x/crypto <0.52.0. - Code uses
ssh/agent.NewKeyring(). - Security policy expects
ConfirmBeforeUseto require explicit approval before signing.
Quick checks:
rg -n "NewKeyring\\(|ConfirmBeforeUse|ConstraintExtension|ssh/agent" .
go list -m all | rg "golang.org/x/crypto"
Windows:
rg -n "NewKeyring\\(|ConfirmBeforeUse|ConstraintExtension|ssh/agent" .
go list -m all | rg "golang.org/x/crypto"
Remediation strategy
- Upgrade
golang.org/x/cryptoto0.52.0+. - Reject unsupported key constraints rather than silently accepting them.
- Audit whether any repository-owned workflows assumed confirmation prompts were being enforced.
The prompt
Model context: this prompt was generated by GPT 5.5 Extra High reasoning.
You are remediating CVE-2026-39833 / GHSA-jppx-rxg9-jmrx in Go ssh-agent code.
`NewKeyring()` accepts confirm-before-use constraints but does not enforce
them. Produce exactly one output:
- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
hardens keyring constraint handling, adds regression tests, and documents
operator follow-up, or
- TRIAGE.md if this repository does not control an affected agent keyring path.
## Rules
- Scope only CVE-2026-39833 and directly related keyring constraint handling.
- Treat private keys, agent sockets, and approval workflows as sensitive.
- Do not use production signing keys for validation.
- Do not auto-merge.
## Steps
1. Inventory every Go module and binary controlled here that uses
`golang.org/x/crypto/ssh/agent`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace `NewKeyring()` usage and any policy that relies on
`ConfirmBeforeUse`.
4. If no affected path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add regression tests proving unsupported confirm constraints fail closed.
7. Review any workflow that assumed local signing required interactive
confirmation.
8. Add a PR body section named `CVE-2026-39833 operator actions` covering
versions before and after, keyring paths reviewed, and validation that
passed.
9. Run available validation: `go test`, builds, and dependency/security scans.
10. Use PR title:
`fix(sec): remediate Go ssh-agent confirm constraint bypass`.
Output contract
- A reviewer-ready PR or change request that upgrades
golang.org/x/crypto, refreshes modules/vendor state, adds confirm-constraint regression tests, and documents SSH key/agent exposure review. - Or a
TRIAGE.mdfile that lists inspected modules/call sites, owner, observed version, SSH agent trust boundary, required fix, and residual risk. - The output must include exact validation commands and must not use real private keys, request live signatures, expose agent sockets, or weaken deploy key controls.
Verification - what the reviewer looks for
- No controlled binary resolves
golang.org/x/crypto/ssh/agent <0.52.0. - Keyrings do not silently accept unsupported confirm constraints.
- Regression tests prove unsafe key additions fail closed.
Watch for
- Assuming agent UX implies confirmation was enforced.
- Updating one keyring path while helper binaries still vendor the old module.
Related recipes
- Source code secrets and data exposure audit
- Source code supply chain build integrity audit
- Source code attack surface map
- SAST finding triage and fix
References
- GitHub Advisory: https://github.com/advisories/GHSA-jppx-rxg9-jmrx
- Go issue: https://go.dev/issue/79436
- Go fixes: https://go.dev/cl/778640, https://go.dev/cl/778641
- Go vuln entry: https://pkg.go.dev/vuln/GO-2026-5005