CVE-2026-42508 - Go x/crypto knownhosts revoked CA bypass

golang.org/x/crypto/ssh/knownhosts before 0.52.0 did not correctly enforce @revoked status on a revoked CA SignatureKey. That let affected clients accept a host certificate path that should have been rejected.

This is a host-authentication trust failure in custom SSH clients that rely on knownhosts validation for certificate-based trust decisions.

When to use it

Use this recipe when a Go service, CLI, Git mirror, deployment tool, or agent runner uses golang.org/x/crypto/ssh/knownhosts to validate SSH host keys or certificates, especially where revoked certificate authorities are part of the trust model. It is designed for source-code remediation, known-hosts trust-root review, revoked-CA regression testing, and evidence that SSH connections fail closed after CA revocation.

Inputs

  • golang.org/x/crypto version, Go module/vendor state, known_hosts files, trusted/revoked CA entries, SSH client wrappers, Git/deploy mirror configs, and generated dependency or SBOM reports.
  • Source/config paths that call knownhosts.New, build SSH host-key callbacks, load known_hosts data, manage CA revocation, or connect to SSH remotes.
  • Regression fixtures for trusted CA success, revoked CA denial, raw host-key success, host mismatch, malformed known_hosts lines, and no live SSH traffic.
  • Boundary evidence: SSH remotes, mirror/deploy credentials, host-key ownership, revocation process, logs, credential rotation owner, and rollout owner.

Affected versions

  • Vulnerable: golang.org/x/crypto/ssh/knownhosts <0.52.0
  • Fixed: 0.52.0+
  • Affected surface: SSH client host verification using knownhosts

Indicator-of-exposure

  • The repository resolves golang.org/x/crypto <0.52.0.
  • Client code uses knownhosts for host-certificate validation.
  • Trust policy depends on revoked CA entries in known_hosts files.

Quick checks:

rg -n "knownhosts|@revoked|SignatureKey|HostKeyCallback|CertChecker" .
go list -m all | rg "golang.org/x/crypto"

Windows:

rg -n "knownhosts|@revoked|SignatureKey|HostKeyCallback|CertChecker" .
go list -m all | rg "golang.org/x/crypto"

Remediation strategy

  • Upgrade golang.org/x/crypto to 0.52.0+.
  • Re-audit SSH host trust logic for revoked CA handling.
  • Refresh or review known_hosts policy if revoked CA state was expected to block hostile certificates.

The prompt

Model context: this prompt was generated by GPT 5.5 Extra High reasoning.

You are remediating CVE-2026-42508 / GHSA-5cgq-3rg8-m6cv in Go SSH client code.
Revoked CA SignatureKey status is not enforced correctly. Produce exactly one
output:

- A reviewer-ready PR/change request that upgrades `golang.org/x/crypto`,
  hardens host verification, adds regression tests, and documents trust-policy
  review, or
- TRIAGE.md if this repository does not control an affected SSH client path.

## Rules

- Scope only CVE-2026-42508 and directly related host-verification logic.
- Treat known_hosts files, certificate authorities, and trust anchors as
  sensitive.
- Do not connect to attacker-controlled SSH endpoints.
- Do not auto-merge.

## Steps

1. Inventory every Go module and binary controlled here that uses
   `knownhosts`.
2. Confirm whether any resolved version is `<0.52.0`.
3. Trace SSH host verification and revocation policy.
4. If no affected client path is controlled here, stop with `TRIAGE.md`.
5. Upgrade to `0.52.0+` and refresh module metadata and images.
6. Add regression tests proving revoked CA `SignatureKey` paths are rejected.
7. Add a PR body section named `CVE-2026-42508 operator actions` covering
   versions before and after, trust paths audited, and validation that passed.
8. Run available validation: `go test`, builds, and dependency/security scans.
9. Use PR title:
   `fix(sec): remediate Go knownhosts revoked CA bypass`.

Output contract

  • A reviewer-ready PR or change request that upgrades golang.org/x/crypto, refreshes modules/vendor state, adds revoked-CA knownhosts regression tests, and documents SSH trust/credential review.
  • Or a TRIAGE.md file that lists inspected modules/config/call sites, owner, observed version, knownhosts CA trust boundary, required fix, and residual risk.
  • The output must include exact validation commands and must not intercept live SSH traffic, expose deploy keys, mutate known_hosts in production, or weaken host-key verification.

Verification - what the reviewer looks for

  • No controlled binary resolves golang.org/x/crypto/ssh/knownhosts <0.52.0.
  • Revoked CA host-certificate paths are rejected in tests.
  • Host verification logic is not silently trusting revoked certificate signers.

Watch for

  • Upgrading one module while another binary vendors the old package.
  • Testing ordinary key revocation but not revoked CA SignatureKey cases.

References