CVE-2026-45361

ADVISORY - nist

Summary

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to apache-airflow-providers-google 22.0.0 or later.

EPSS Score⁠: 0.00071 (0.218)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-322⁠

Key Exchange without Entity Authentication

Impacted images

Advisories

NIST

CREATED

5 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2026-45361⁠

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-322⁠

CVSS SCORE

8.1high

PypA

CREATED

5 days ago

UPDATED

2 days ago

ADVISORY ID

PYSEC-2026-166

EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.1high