CVE-2026-45361
EUVD-2026-3165925.05.2026, 10:16
Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to `apache-airflow-providers-google` 22.0.0 or later.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | apache-airflow-providers-google | 𝑥 < 22.0.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration