NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-39831

Summary	The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback.
Publication Date	May 22, 2026, 1:16 p.m.
Registration Date	May 23, 2026, 4:08 a.m.
Last Update	May 22, 2026, 1:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://go.dev/cl/781662	security@golang.org
2	https://go.dev/issue/79566	security@golang.org
3	https://groups.google.com/g/golang-announce/c/a082jnz-LvI	security@golang.org
4	https://pkg.go.dev/vuln/GO-2026-5019	security@golang.org

Common Vulnerabilities List