Skip to main content

Central Dogma CVE-2026-11745

| EUVDEUVD-2026-38206 HIGH
Key Exchange without Entity Authentication (CWE-322)
2026-06-22 LY-Corporation
8.8
CVSS 4.0 · Vendor: LY-Corporation
Share

Severity by source

Vendor (LY-Corporation) PRIMARY
8.8 HIGH
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.7 HIGH

MITM over network-reachable SSH justifies AV:N with AC:H for the on-path requirement; no auth or UI; scope changes as poisoned mirrors affect downstream consumers, with high C/I and no availability impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (LY-Corporation).

CVSS VectorVendor: LY-Corporation

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 22, 2026 - 06:11 vuln.today

DescriptionCVE.org

A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories.

AnalysisAI

Man-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in versions of the centraldogma-server-mirror-git module prior to 0.84.0, because the embedded SSH client accepts any host key presented over git+ssh:// connections. An on-path attacker between Central Dogma and the upstream Git server can impersonate that server, inject malicious commits, and silently poison every downstream consumer that reads from the mirror. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain on-path position to mirror SSH traffic
Delivery
Intercept git+ssh:// handshake from Central Dogma
Exploit
Present attacker-controlled SSH host key
Execution
Proxy session and inject malicious commits
Persist
Central Dogma stores poisoned mirror
Impact
Downstream services consume tampered configuration

Vulnerability AssessmentAI

Exploitation Exploitation requires (1) Central Dogma operators to have configured at least one Git mirror source using the git+ssh:// scheme - HTTPS mirrors and locally configured repositories are not affected; (2) the attacker to occupy an on-path network position between the Central Dogma server and the upstream SSH Git endpoint at the moment the mirror pull occurs (captured by AV:A and AT:P in the vendor vector); and (3) the running centraldogma-server-mirror-git version to be earlier than 0.84.0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 score of 8.8 reflects unauthenticated, no-interaction exploitation (PR:N/UI:N) with high confidentiality and integrity impact on both the vulnerable and subsequent systems (VC:H/VI:H, SC:H/SI:H) - appropriate because compromised mirrored repos cascade into every consumer of the configuration data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls a hop between the Central Dogma server and its upstream Git host - for example a compromised router, a rogue Wi-Fi or VPN gateway, or an internal pivot - intercepts the outbound SSH handshake for a git+ssh:// mirror pull and presents their own SSH host key, which the client accepts without complaint. The attacker proxies traffic to the real server while substituting commits that, for instance, change a feature flag, inject a malicious config value, or alter a Kubernetes manifest, and Central Dogma replicates the poisoned content to every consuming service. …
Remediation Vendor-released patch: Central Dogma 0.84.0 - upgrade the centraldogma-server-mirror-git component to 0.84.0 or later per advisory GHSA-vjfw-cpmh-xwv3 (https://github.com/line/centraldogma/security/advisories/GHSA-vjfw-cpmh-xwv3). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Central Dogma server deployments and identify instances running versions below 0.84.0. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-11745 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy