Product
A critical vulnerability (CVE-2026-39831) in the `Verify()` method of the `golang.org/x/crypto/ssh` package (versions prior to 0.52.0) allowed the physical presence check for FIDO/U2F security key types to be bypassed, enabling unattended use of hardware security keys and potentially leading to unauthorized SSH access.