The vulnerability is in the SSH agent client of the Go cryptography module, the `golang.org/x/crypto/ssh/agent` package. When a key is added to an agent, the caller can attach constraint extensions such as `restrict-destination-v00@openssh.com` that limit where and how the key may be used. For a forwarded agent, these destination constraints are what keep a key from being used beyond its original scope.
Because of a serialization bug, the client did not include these constraint extensions in the add-key request it sent to the agent, so the destination restrictions were silently dropped: the agent stored the key without them and would sign with it for any host. Anyone who can reach the agent socket, for example a local user, a compromised process with access to the socket, or a user on a remote host to which the agent has been forwarded, can therefore use the key without restriction. This bypasses the intended privilege boundary and can give the attacker access to sensitive services, arbitrary command execution, or a pivot to other systems.
All versions of the package before v0.52.0 are affected. The vulnerable code paths are the `Add` methods of the unexported `client` and `keyring` types, which handle key addition and constraint serialization. The issue was found by NCC Group Cryptography Services in work sponsored by Teleport. The CVSS v3.1 score is 9.1 (Critical), with high impact on confidentiality, integrity, and availability; the reported vector is network-based, with low privileges and no user interaction required. The EPSS score is below 1%, indicating a low probability of exploitation in the wild at the time of writing. The fix in v0.52.0 serializes all constraint extensions in the request and additionally makes the in-memory keyring returned by `NewKeyring()` reject keys that carry constraint extensions it does not support, instead of silently ignoring them. Both halves matter: the client now transmits the constraints, and a keyring that cannot enforce a constraint refuses the key rather than quietly dropping the constraint.
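As an added illustration of the mechanism, not code from x/crypto or its fix: a minimal client-side encoder and agent-side decoder for the constrained add-identity request, written against the Go standard library only. The message number (25) and the extension constraint type (255) are taken from OpenSSH's PROTOCOL.agent; the key blob, the extension details, and the `made-up-ext@example` name are constructed for the example, and length-prefixing the extension details is this example's own framing, since real extensions define their own. The `serializeExtensions` switch reproduces the pre-fix client that omits the extensions, and the decoder refuses an extension it cannot enforce, which is the keyring half of the fix.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Numbers from OpenSSH's PROTOCOL.agent; the extension name is the one the page discusses.
const (
	agentcAddIDConstrained  = 25
	agentConstrainExtension = 255
	restrictDestination     = "restrict-destination-v00@openssh.com"
)

type ConstraintExtension struct {
	Name    string
	Details []byte
}

// appendString appends an SSH "string": uint32 big-endian length, then the bytes.
func appendString(b, s []byte) []byte {
	n := uint32(len(s))
	return append(append(b, byte(n>>24), byte(n>>16), byte(n>>8), byte(n)), s...)
}

// readString splits one SSH "string" off the front of b, refusing truncated input.
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(len(b)-4) < uint64(binary.BigEndian.Uint32(b)) {
		return nil, nil, errors.New("truncated string")
	}
	n := binary.BigEndian.Uint32(b)
	return b[4 : 4+n], b[4+n:], nil
}

// marshalAdd is the client side. With serializeExtensions=false it mimics the pre-fix
// client: the key is sent, the constraint extensions are silently left out of the request.
func marshalAdd(keyBlob []byte, exts []ConstraintExtension, serializeExtensions bool) []byte {
	m := appendString([]byte{agentcAddIDConstrained}, keyBlob)
	if serializeExtensions {
		for _, e := range exts {
			m = appendString(append(m, agentConstrainExtension), []byte(e.Name))
			m = appendString(m, e.Details) // length-prefixed: this example's framing
		}
	}
	return m
}

// parseAdd is the agent side. It returns the constraints the agent will enforce and, like
// the fixed keyring, fails on an extension it does not support instead of ignoring it.
func parseAdd(msg []byte, supported map[string]bool) ([]ConstraintExtension, error) {
	if len(msg) == 0 || msg[0] != agentcAddIDConstrained {
		return nil, errors.New("not a constrained add-identity message")
	}
	_, rest, err := readString(msg[1:]) // key blob; its contents are not needed here
	if err != nil {
		return nil, err
	}
	var exts []ConstraintExtension
	for len(rest) > 0 {
		if rest[0] != agentConstrainExtension {
			return nil, fmt.Errorf("unknown constraint type %d", rest[0])
		}
		var name, details []byte
		if name, rest, err = readString(rest[1:]); err != nil {
			return nil, err
		}
		if details, rest, err = readString(rest); err != nil {
			return nil, err
		}
		if !supported[string(name)] {
			return nil, fmt.Errorf("unsupported constraint extension %q", name)
		}
		exts = append(exts, ConstraintExtension{string(name), details})
	}
	return exts, nil
}

// Constructed sample input: a placeholder key blob and one destination constraint.
var sampleBlob = []byte("constructed-key-blob")

func sampleExts(name string) []ConstraintExtension {
	return []ConstraintExtension{{Name: name, Details: []byte("bastion.example")}}
}

// RoundTrip returns the constraints a fixed agent ends up holding after a client that
// does (true) or does not (false) serialize extensions adds the sample key.
func RoundTrip(serialize bool) ([]ConstraintExtension, error) {
	msg := marshalAdd(sampleBlob, sampleExts(restrictDestination), serialize)
	return parseAdd(msg, map[string]bool{restrictDestination: true})
}

func main() {
	before, _ := RoundTrip(false)
	after, _ := RoundTrip(true)
	fmt.Printf("pre-fix client: %d constraint(s) reach the agent; fixed client: %d\n", len(before), len(after))
}
```

The pre-fix path produces a well-formed request that the agent accepts without complaint, which is the whole problem: the agent cannot enforce a constraint it never received, so no agent-side check alone would have caught the stripping. The decoder's refusal of an unknown extension covers the other direction, a client that sends a constraint the receiving keyring has no way to honour.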
DailyCVE Form:
Platform: Go crypto/ssh/agent
Version: before v0.52.0
Vulnerability: Constraint stripping
Severity: Critical (9.1)
date: 2026-05-22
Prediction: 2026-05-22
What Undercode Say:
Analytics:
- Affected functions: client.Add, keyring.Add
- CVSS: 9.1 / Network / Low complexity
- EPSS: 0.03% (9th percentile)
- Fixed in: v0.52.0
- CWE: CWE-273 (Improper Check for Dropped Privileges)
- Go version impact: all prior to v0.52.0
Bash commands to check version:
go list -m golang.org/x/crypto | awk '{print $2}'
Go code exercising the fixed keyring (v0.52.0 or later rejects a constraint extension it does not support instead of silently ignoring it):
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"golang.org/x/crypto/ssh/agent"
)
func main() {
	_, priv, _ := ed25519.GenerateKey(rand.Reader)
	keyring := agent.NewKeyring()
	// Add a key carrying a restrict-destination-v00@openssh.com constraint.
	// Before v0.52.0 the keyring accepted the key and dropped the extension;
	// from v0.52.0 Add returns an error for an extension the keyring does not implement, so check it.
	err := keyring.Add(agent.AddedKey{
		PrivateKey:           priv,
		ConstraintExtensions: []agent.ConstraintExtension{{ExtensionName: "restrict-destination-v00@openssh.com"}},
	})
	fmt.Println("Add returned:", err)
}
Exploit:
Exploitation needs no bug on the attacker's side. A legitimate user adds a key with destination restrictions through the vulnerable Go client, the restrictions never reach the agent, and anyone who can talk to that agent (a local user or process with access to the socket, or a user on a remote host the agent has been forwarded to) can sign with the key for any destination. No privileges beyond access to the agent socket are required, and with agent forwarding the socket is reachable across the network path of the SSH session.
Protection:
- Upgrade `golang.org/x/crypto` to version v0.52.0 or higher.
- Disable agent forwarding (`ForwardAgent no` in ssh_config) where it is not required; where it is, do not rely on destination constraints set through the Go client until it is upgraded.
- Audit scripts and applications that add keys through the Go agent client: constraints they attached before the fix never reached the agent, so keys added by an unpatched client should be removed and re-added with a fixed one.
Impact:
Successful exploitation lets an attacker with agent access bypass all destination restrictions on a forwarded key and use it against any host that trusts it. This enables unauthorized command execution, lateral movement within the network, and exposure of sensitive data, which is why the issue carries a Critical (9.1) rating across confidentiality, integrity, and availability.
Sources:
Reported By: github.com