Impact
When a key carrying constraint extensions such as restrict-destination-v00@openssh.com was added to a remote SSH agent, the agent omitted those constraints during serialization. As a result, forwarded keys were stripped of all destination restrictions, and anyone who could forward a key could use it anywhere on the remote host without limitation. An attacker who can forward an SSH key can therefore abuse it beyond the intended constraints, potentially accessing services or executing commands on the remote system. The description does not provide a CVSS score, but the impact on confidentiality, integrity and availability is significant because unconstrained keys can be used to impersonate legitimate users.
Affected Systems
The vulnerability affects the golang.org/x/crypto/ssh/agent component of the Go cryptographic library. No specific version numbers were listed, so any build of the agent prior to the fix that does not enforce constraint serialization may be vulnerable.
Risk and Exploitability
The EPSS score is not available and the issue is not listed in the CISA KEV catalog, so the exact likelihood of exploitation is unknown. However, the attack would require the ability to forward a key via ssh-agent, which can be achieved by a local user or a process with agent access. Because the flaw silently removes all constraint extensions, the attack vector is straightforward for anyone who can trigger key forwarding. The fix now serializes all constraint extensions and rejects unsupported ones, greatly reducing the window of opportunity for exploitation. Monitoring agent usage and restricting key forwarding remain prudent measures until a patched version is deployed.
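One way to check that a serialized constraint list still carries its extensions and that unknown constraint types are rejected rather than skipped, as an added example that is not code from golang.org/x/crypto or from this advisory. It assumes the constraint type bytes of the SSH agent protocol draft (1 lifetime, 2 confirm, 255 extension) and, as a simplification, that extension details are one length-prefixed string; the function names and sample bytes are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// readString consumes one SSH string (uint32 length, then that many bytes).
func readString(b []byte) (s, rest []byte, err error) {
	if len(b) < 4 || uint64(binary.BigEndian.Uint32(b)) > uint64(len(b)-4) {
		return nil, nil, errors.New("truncated constraint data")
	}
	n := uint64(binary.BigEndian.Uint32(b))
	return b[4 : 4+n], b[4+n:], nil
}

// ExtensionNames lists extension constraint names; unknown types are an error, never skipped.
func ExtensionNames(b []byte) (names []string, err error) {
	for len(b) > 0 {
		switch t := b[0]; {
		case t == 1 && len(b) >= 5: // lifetime: uint32 seconds
			b = b[5:]
		case t == 2: // confirm: no payload
			b = b[1:]
		case t == 255: // extension: string name, string details (assumed layout)
			var name []byte
			if name, b, err = readString(b[1:]); err == nil {
				_, b, err = readString(b)
			}
			if err != nil {
				return nil, err
			}
			names = append(names, string(name))
		default:
			return nil, fmt.Errorf("unsupported or truncated constraint type %d", t)
		}
	}
	return names, nil
}

// sample is constructed input: lifetime 3600 s, then extension name with empty details.
func sample(name string) []byte {
	b := binary.BigEndian.AppendUint32([]byte{1, 0, 0, 0x0e, 0x10, 255}, uint32(len(name)))
	return append(append(b, name...), 0, 0, 0, 0)
}

func main() {
	fmt.Println(ExtensionNames(sample("restrict-destination-v00@openssh.com")))
}
```

Comparing the names returned for the constraints a client sent with those found in what the agent re-serialized shows whether a destination restriction was lost in transit.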