Summary
When an SSH server authentication callback returned PartialSuccessError, the permissions it returned alongside that error were silently discarded, so certificate restrictions such as force-command could be dropped once a second factor succeeded.
Impact
The attack vector is network-reachable, requires only low privileges, and needs no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (0.52.0); upgrading removes the vulnerable code path.
Successful exploitation allows a low-privileged remote attacker to bypass authorization controls that trust the affected code path. Real-world applications at risk include trusted-header SSO deployments, where exploitation could lead to full account takeover.
Affected versions
Security releases
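The following Go program is an added illustration of the failure mode described in the summary; it is not code from this advisory, from Kodem, or from the x/crypto/ssh project. It models a two-factor server flow with local stand-in types (Permissions, PartialSuccessError, AuthStep are simplified models, not the library's types), shows how discarding the permissions attached to a partial-success step loses a certificate's force-command, and contrasts it with a merge that carries every successful step's restrictions forward. The choice to reject authentication when two steps disagree on a critical option is this example's own fail-closed policy, not a claim about what the upstream fix does.

```go
package main

import (
	"errors"
	"fmt"
)

// Permissions is a local stand-in for the restrictions an authentication step
// attaches to a session. x/crypto/ssh carries these as ssh.Permissions; this
// simplified type exists only for the illustration.
type Permissions struct {
	CriticalOptions map[string]string // e.g. "force-command" from a certificate
	Extensions      map[string]string
}

// PartialSuccessError models a step that passed but requires a further factor.
type PartialSuccessError struct{}

func (PartialSuccessError) Error() string { return "partial success: further authentication required" }

// AuthStep is one factor's callback. It returns the permissions it wants to
// apply together with nil (authenticated), PartialSuccessError (continue with
// the next factor), or any other error (reject).
type AuthStep func() (*Permissions, error)

// vulnerableAuth reproduces the flawed behaviour: permissions returned together
// with a PartialSuccessError are thrown away, so only the final step's
// permissions (here none) reach the session.
func vulnerableAuth(steps []AuthStep) (*Permissions, error) {
	for _, step := range steps {
		perms, err := step()
		var partial PartialSuccessError
		if errors.As(err, &partial) {
			continue // BUG: perms from this step are dropped here
		}
		if err != nil {
			return nil, err
		}
		return perms, nil
	}
	return nil, errors.New("authentication did not complete")
}

// hardenedAuth merges the restrictions of every successful step into the
// permissions that the session finally receives.
func hardenedAuth(steps []AuthStep) (*Permissions, error) {
	merged := &Permissions{CriticalOptions: map[string]string{}, Extensions: map[string]string{}}
	for _, step := range steps {
		perms, err := step()
		var partial PartialSuccessError
		isPartial := errors.As(err, &partial)
		if err != nil && !isPartial {
			return nil, err
		}
		if mergeErr := mergePermissions(merged, perms); mergeErr != nil {
			return nil, mergeErr // fail closed rather than weaken a restriction
		}
		if !isPartial {
			return merged, nil
		}
	}
	return nil, errors.New("authentication did not complete")
}

// mergePermissions copies src into dst. A critical option already set by an
// earlier step must not be silently changed by a later one (example policy).
func mergePermissions(dst, src *Permissions) error {
	if src == nil {
		return nil
	}
	for k, v := range src.CriticalOptions {
		if existing, ok := dst.CriticalOptions[k]; ok && existing != v {
			return fmt.Errorf("conflicting critical option %q (%q vs %q)", k, existing, v)
		}
		dst.CriticalOptions[k] = v
	}
	for k, v := range src.Extensions {
		dst.Extensions[k] = v
	}
	return nil
}

// demoSteps is a constructed flow: a certificate carrying a force-command
// restriction (partial success), then an OTP step returning no permissions.
func demoSteps() []AuthStep {
	certStep := func() (*Permissions, error) {
		return &Permissions{CriticalOptions: map[string]string{"force-command": "/usr/local/bin/backup-only"}}, PartialSuccessError{}
	}
	otpStep := func() (*Permissions, error) { return nil, nil }
	return []AuthStep{certStep, otpStep}
}

// conflictSteps is a constructed flow whose second step tries to replace the
// force-command set by the first; the hardened path rejects it.
func conflictSteps() []AuthStep {
	steps := demoSteps()
	steps[1] = func() (*Permissions, error) {
		return &Permissions{CriticalOptions: map[string]string{"force-command": "/bin/sh"}}, nil
	}
	return steps
}

// forceCommand reads the force-command restriction, tolerating nil permissions.
func forceCommand(p *Permissions) string {
	if p == nil {
		return ""
	}
	return p.CriticalOptions["force-command"]
}

func main() {
	v, _ := vulnerableAuth(demoSteps())
	h, _ := hardenedAuth(demoSteps())
	fmt.Printf("vulnerable: force-command=%q\n", forceCommand(v)) // empty: restriction lost
	fmt.Printf("hardened:   force-command=%q\n", forceCommand(h)) // restriction preserved
}
```

Running it shows the vulnerable path handing the session no force-command at all, while the hardened path keeps the certificate's restriction; a server-side regression test asserting that critical options from the first factor survive the second is the check worth adding to any multi-step SSH authentication setup.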
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- Is CVE-2026-39830 being exploited in the wild? Exploitation likelihood is estimated by the EPSS score shown above. Runtime intelligence is what confirms whether the vulnerable path executes in your own environment.
- How do I know if my application is affected? Check whether the affected package and version are present, then whether the vulnerable code is reachable. Kodem determines both automatically.