CVE-2026-46595

Published: May 22, 2026

Modified: May 22, 2026

PUBLISHED

Description

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.

Vendor	Product	Versions
golang.org/x/crypto	golang.org/x/crypto/ssh	affected `0 - < 0.52.0`

References

https://go.dev/issue/79570

https://groups.google.com/g/golang-announce/c/a082jnz-LvI

https://go.dev/cl/781642

https://pkg.go.dev/vuln/GO-2026-5023

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-46595

Description

Affected Products

References