golang.org/x/crypto/ssh FIDO/U2F Physical Presence Bypass (CVE-2026-39831)
A critical vulnerability (CVE-2026-39831) in the `Verify()` method of the `golang.org/x/crypto/ssh` package (versions prior to 0.52.0) allowed the physical presence check for FIDO/U2F security key types to be bypassed, enabling unattended use of hardware security keys and potentially leading to unauthorized SSH access.
A critical vulnerability, tracked as CVE-2026-39831, has been identified in the golang.org/x/crypto/ssh package, specifically in versions prior to 0.52.0. This flaw affects the Verify() method for FIDO/U2F security key types, including sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com. The vulnerability stems from the method's failure to properly check the "User Presence" flag. This oversight allows signatures generated by a hardware security key to be accepted without requiring the user's physical touch, effectively bypassing a critical security mechanism designed to prevent unauthorized or unattended use of the key. For organizations relying on FIDO/U2F for SSH authentication using this Go package, this could lead to unauthorized access if an attacker gains control over a system with an available, un-touched hardware security key. Defenders should prioritize updating to version 0.52.0 or later to mitigate this risk, or reconfigure to explicitly require user presence.
Attack Chain
- An attacker gains access to a client machine with a FIDO/U2F security key connected and available for use (e.g., via malware or physical access).
- The attacker initiates an SSH connection to a vulnerable server, attempting to authenticate using the FIDO/U2F key.
- The SSH server, running an application built with
golang.org/x/crypto/ssh(version < 0.52.0), sends an authentication challenge. - The attacker's controlled client generates an SSH signature using the FIDO/U2F key, but without the required user physical touch.
- The vulnerable
Verify()method within the server'sgolang.org/x/crypto/sshlibrary fails to validate the "User Presence" flag within the received signature. - The server accepts this unverified signature as legitimate, granting the attacker authenticated access to the system.
Impact
The immediate impact of this vulnerability is the potential for unauthorized SSH access if an attacker can leverage an already connected FIDO/U2F security key without the legitimate user's physical presence. This bypasses a fundamental security control of hardware security keys, which is designed to prevent remote or surreptitious authentication attempts. Organizations using golang.org/x/crypto/ssh for server-side SSH authentication are at risk of unauthorized access to their systems, potentially leading to data exfiltration, system compromise, or further network lateral movement. While no active exploitation is reported, the nature of the flaw could enable a determined attacker to gain privileged access to critical infrastructure.
Recommendation
- Patch CVE-2026-39831 by updating the
golang.org/x/crypto/sshpackage to version 0.52.0 or later on all affected systems. - Review applications using
golang.org/x/crypto/sshto confirm correct implementation ofPublicKeyCallbackregarding the "no-touch-required" extension, as advised in GHSA-89gr-r52h-f8rx, to explicitly manage FIDO/U2F user presence requirements.