UBUNTU-CVE-2026-46595
- Source
- https://ubuntu.com/security/CVE-2026-46595
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-46595.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-46595
- Upstream
- Downstream
- Related
- Published
- 2026-05-22T04:16:00Z
- Modified
- 2026-06-18T00:30:10.711956299Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped.
- References
-
- https://ubuntu.com/security/CVE-2026-46595
- https://www.cve.org/CVERecord?id=CVE-2026-46595
- https://go.dev/issue/79570
- https://groups.google.com/g/golang-announce/c/a082jnz-LvI
- https://go.dev/cl/781642
- https://pkg.go.dev/vuln/GO-2026-5023
- https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce
- https://ubuntu.com/security/notices/USN-8447-1
Affected packages
Ubuntu:22.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.53+21.10ubuntu1
2.54.2+22.04ubuntu1
2.54.2+22.04ubuntu2
2.54.2+22.04ubuntu3
2.54.3+git19.g868fc21+22.04
2.54.3+git26.g360067e+22.04
2.55.2+22.04
2.55.2+22.04.1
2.55.3+22.04
2.55.3+22.04ubuntu1
2.55.5+22.04
2.56.2+22.04ubuntu1
2.57.4+22.04
2.57.5+22.04
2.57.5+22.04ubuntu0.1
2.58+22.04
2.58+22.04.1
2.61.3+22.04
2.62+22.04
2.63+22.04
2.63+22.04ubuntu0.1
2.65.3+22.04
2.66.1+22.04
2.67.1+22.04
2.68.5+ubuntu22.04.1
2.71+ubuntu22.04
2.72+ubuntu22.04
2.73+ubuntu22.04
2.73+ubuntu22.04.1
2.74.1+ubuntu22.04.4
2.75.2+ubuntu22.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "snap-confine"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "snapd"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.75.2+ubuntu22.04",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:24.04:LTS
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20230426.*
20230426.00-0ubuntu3
20231004.*
20231004.02-0ubuntu1
20231004.02-0ubuntu3
20240213.*
20240213.00-0ubuntu1
20240213.00-0ubuntu2
20240213.00-0ubuntu3
20240213.00-0ubuntu3.1
20240213.00-0ubuntu3.2
20240716.*
20240716.00-0ubuntu1~24.04.0
20240716.00-0ubuntu1~24.04.1
20241011.*
20241011.01-0ubuntu1~24.04.0
20250116.*
20250116.00-0ubuntu1~24.04.0
20250116.00-0ubuntu1~24.04.1
20250116.00-0ubuntu1~24.04.2
20250116.00-0ubuntu1~24.04.3
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.60.4+23.10
2.61.3+24.04
2.62+24.04build1
2.63+24.04
2.63+24.04ubuntu0.1
2.63.1+24.04
2.65.3+24.04
2.66.1+24.04
2.67.1+24.04
2.68.5+ubuntu24.04.1
2.71+ubuntu24.04
2.72+ubuntu24.04
2.73+ubuntu24.04
2.73+ubuntu24.04.1
2.73+ubuntu24.04.2
2.74.1+ubuntu24.04.4
2.75.2+ubuntu24.04
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "snap-confine"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "snapd"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.75.2+ubuntu24.04",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:25.10
golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
20250116.*
20250116.00-0ubuntu2
20250506.*
20250506.01-0ubuntu1
20250506.01-0ubuntu1.1
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.67.1+25.04
2.68.5+ubuntu25.10.2
2.71+ubuntu25.10
2.71.1+ubuntu25.10.1
2.72+ubuntu25.10.2
2.73+ubuntu25.10
2.73+ubuntu25.10.1
2.74.1+ubuntu25.10.4
2.75.2+ubuntu25.10
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "snap-confine"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "snapd"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.75.2+ubuntu25.10",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:26.04:LTS
google-guest-agent
Package
- Name
- google-guest-agent
- Purl
- pkg:deb/ubuntu/google-guest-agent?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.71.1+ubuntu25.10.1
2.72+ubuntu26.04.1
2.73+ubuntu26.04.1
2.74+ubuntu26.04
2.74.1+ubuntu26.04
2.74.1+ubuntu26.04.3
2.74.1+ubuntu26.04.4
2.75.2+ubuntu26.04.2
Ubuntu:Pro:16.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd?arch=source&distro=esm-infra%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.9
1.9.1.1
1.9.2
2.*
2.0
2.0.1
2.0.2
2.0.3
2.0.5
2.0.8
2.0.9
2.0.10
2.11+0.16.04
2.12+0.16.04
2.13
2.14.2~16.04
2.15.2ubuntu1
2.16ubuntu3
2.17.1ubuntu1
2.20.1ubuntu1
2.21
2.22.2
2.22.3
2.22.6
2.23.1
2.24.1
2.25
2.26.10
2.27.5
2.28.5
2.29.4.2
2.32.3.2
2.32.9
2.33.1ubuntu2
2.34.2
2.34.2ubuntu0.1
2.37.4
2.37.4ubuntu0.1
2.38
2.39.2
2.39.2ubuntu0.2
2.40
2.42.1
2.45.1
2.45.1ubuntu0.2
2.46.1
2.47.1
2.48
2.48.3
2.54.3+16.04~esm2
2.54.3+16.04.0ubuntu0.1~esm3
2.54.3+16.04.0ubuntu0.1~esm4
2.54.3+16.04.0ubuntu0.1~esm5
2.54.3+16.04.0ubuntu0.1~esm6
2.61.4ubuntu0.16.04.1+esm1
2.61.4ubuntu0.16.04.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "snap-confine"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "snapd"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.61.4ubuntu0.16.04.1+esm2",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:Pro:18.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.28.5+17.10
2.29.4.1+18.04
2.29.4.2+18.04
2.31.1+18.04
2.32+18.04~pre5
2.32+18.04~pre6
2.32+18.04
2.32.3.2+18.04
2.32.5+18.04
2.32.8+18.04
2.32.9+18.04
2.33.1+18.04ubuntu2
2.34.2+18.04
2.34.2+18.04.1
2.37.1+18.04
2.37.1.1+18.04
2.37.4+18.04
2.37.4+18.04.1
2.38+18.04
2.39.2+18.04
2.40+18.04
2.42.1+18.04
2.45.1+18.04
2.45.1+18.04.2
2.46.1+18.04
2.47.1+18.04
2.48+18.04
2.48.3+18.04
2.49.2+18.04
2.51.1+18.04
2.54.2+18.04ubuntu1
2.54.3+18.04
2.54.3+18.04.2ubuntu0.1
2.54.3+18.04.2ubuntu0.2
2.55.5+18.04
2.57.5+18.04
2.57.5+18.04ubuntu0.1
2.58+18.04
2.58+18.04.1
2.61.4ubuntu0.18.04.1+esm1
2.61.4ubuntu0.18.04.1+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "snap-confine"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "snapd"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.61.4ubuntu0.18.04.1+esm2",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:Pro:20.04:LTS
snapd
Package
- Name
- snapd
- Purl
- pkg:deb/ubuntu/snapd?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.41+19.10.1
2.42.1+20.04
2.43.3+git1.8109f8
2.44~pre1+20.04
2.44+20.04
2.44.2+20.04
2.44.3+20.04
2.45.1+20.04
2.45.1+20.04.2
2.46.1+20.04
2.47.1+20.04
2.48+20.04
2.48.3+20.04
2.49.2+20.04
2.51.1+20.04ubuntu2
2.54.2+20.04ubuntu2
2.54.3+20.04
2.54.3+20.04.1
2.54.3+20.04.1ubuntu0.1
2.54.3+20.04.1ubuntu0.2
2.54.3+20.04.1ubuntu0.3
2.55.5+20.04
2.57.5+20.04
2.57.5+20.04ubuntu0.1
2.58+20.04
2.58+20.04.1
2.61.3+20.04
2.62+20.04
2.63+20.04
2.63+20.04ubuntu0.1
2.65.3+20.04
2.66.1+20.04
2.67.1+20.04
2.67.1+20.04ubuntu1~esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "golang-github-snapcore-snapd-dev"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "golang-github-ubuntu-core-snappy-dev"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "snap-confine"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "snapd"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "snapd-xdg-open"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "ubuntu-core-launcher"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "ubuntu-core-snapd-units"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "ubuntu-snappy"
},
{
"binary_version": "2.67.1+20.04ubuntu1~esm1",
"binary_name": "ubuntu-snappy-cli"
}
]
}Ubuntu:Pro:26.04:LTS
golang-go.crypto
Package
- Name
- golang-go.crypto
- Purl
- pkg:deb/ubuntu/golang-go.crypto?arch=source&distro=esm-apps%2Fresolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:0.47.0-1ubuntu0.1~esm1