CVE-2026-39833
Essential information
- Published
- 22/05/2026 04:16
- Modified
- 22/05/2026 04:16
- Author
- —
- Creator
- —
- CISA KEV
- No
- CWE
- —
- CVSS vector
- — — —
Description
The in-memory keyring returned by NewKeyring() silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring() now returns an error when unsupported constraints are requested.
NVD status
- Status
- Received — CVE has been recently published to the CVE List and has been received by the NVD.
- Source
- [email protected]
- NVD
- View on NVD
Affected products (CPE)
| Product | CPE |
|---|---|
| golang / keyring | cpe:2.3:a:golang:keyring:*:*:*:*:*:*:*:* |