Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
10.0
CVE-2026-46595: Go SSH Server Skips Security Checks for Wrong Authentication
GO-2026-5023
CVE-2026-46595
Summary
A security check is bypassed in Go SSH servers when using an incorrect authentication method. This allows unauthorized access to the server. To fix this, update your Go SSH server to the latest version.
What to do
- Update x golang.org/x/crypto to version 0.52.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Go | x | golang.org/x/crypto |
< 0.52.0 Fix: upgrade to 0.52.0
|
| – | golang | crypto |
< 0.52.0 cpe:2.3:a:golang:crypto:*:*:*:*:*:go:*:* |
Original title
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation wou...
Original description
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
Vulnerability type
CWE-863
Incorrect Authorization
Published: 22 May 2026 · Updated: 30 May 2026 · First seen: 22 May 2026