CVE-2026-39828

Name of the Vulnerable Software and Affected Versions The product name cannot be determined (affected versions not specified)

Description An issue exists where an SSH server authentication callback returning PartialSuccessError with non-nil Permissions caused those permissions to be silently discarded. This could lead to the removal of certificate restrictions, such as force-command, following the successful completion of a second factor authentication.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.