Primary

Context

Go SSH Authorization Bypass Vulnerability in golang.org/x/crypto

Vulnerability

An authorization bypass vulnerability has been identified in the SSH implementation of the Go programming language, specifically in the golang.org/x/crypto package, prior to version 0.52.0. This vulnerability arises from a misconfiguration in the SSH server that allows certain callbacks to bypass source-address validation. As a result, the validation is skipped, creating a potential security risk.

Impact

Exploitation of this vulnerability allows for an authorization bypass, where source-address validation is incorrectly skipped, potentially leading to unauthorized actions or access.

Remediation

Users can update to version v0.52.0 of golang.org/x/crypto to address this vulnerability.

Added: May 22, 2026, 4:21 AM

Updated: May 22, 2026, 4:21 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

8.1

remediation

0.0

relevance

9.1

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.3

exploitability

8.1

remediation

0.0

relevance

9.1

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Go SSH Authorization Bypass Vulnerability in golang.org/x/crypto

Vulnerability

Impact

Remediation

Affected Products

golang.org/x/crypto/ssh

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating