The vulnerability resides in the golang.org/x/crypto/ssh/knownhosts package where a revoked ‘SignatureKey’ belonging to a CA was not properly checked for revocation. As a result, the key and its signature key could be accepted as valid, allowing a malicious actor to present a revoked CA key and impersonate a legitimate remote host. This bypass compromises authentication and opens the door to man‑in‑the‑middle attacks, potentially granting an attacker full control over traffic protected by the affected SSH client.

Any Go application that relies on the golang.org/x/crypto/ssh/knownhosts library for validating SSH host keys is affected. The issue applies to all versions of the library released before the fix that added revocation checks for both key and key.SignatureKey. Users deploying Go programs that perform host key verification should review the library version and audit any custom host key checking code for similar omissions.

The vulnerability carries a high risk because it directly undermines the integrity of SSH host authentication. Although the EPSS score is < 1%, indicating a very low probability of exploitation, the CVSS score of 9.1 underscores the severity of this flaw. The practical exploitation probability could be significant in environments that rely on remote hosts whose keys may have been revoked. The attack vector is inferred to be remote, requiring an attacker to insert a revoked CA key into the connection flow to satisfy the client’s host key verification logic.