Skip to main content

Apache Airflow Google Provider CVE-2026-45361

| EUVDEUVD-2026-31659 HIGH
Key Exchange without Entity Authentication (CWE-322)
2026-05-25 apache GHSA-g9v5-gjwf-9rwx
8.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
CVE Published
Jun 22, 2026 - 06:03 cve.org
HIGH 8.1
Source Code Evidence Fetched
Jun 08, 2026 - 10:28 vuln.today
Analysis Generated
Jun 08, 2026 - 10:28 vuln.today
CVSS changed
May 26, 2026 - 16:22 NVD
8.1 (HIGH)
CVE Published
May 25, 2026 - 09:34 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to apache-airflow-providers-google 22.0.0 or later.

AnalysisAI

Man-in-the-middle exposure in Apache Airflow's apache-airflow-providers-google package (versions prior to 22.0.0) stems from the ComputeEngineSSHHook shipping with paramiko.AutoAddPolicy as its default missing-host-key policy, silently trusting any SSH host key presented by a Compute Engine VM. An in-path network attacker positioned between the Airflow worker and the GCE instance can intercept or tamper with the SSH session, exposing credentials, DAG-driven commands, and transferred data. No public exploit identified at time of analysis and EPSS is very low (0.02%), but technical impact is rated total by SSVC.

Technical ContextAI

The affected component is the ComputeEngineSSHHook in providers/google/src/airflow/providers/google/cloud/hooks/compute_ssh.py, which wraps paramiko's SSHClient to connect Airflow workers to Google Compute Engine VMs over SSH. The pre-fix code unconditionally called client.set_missing_host_key_policy(paramiko.AutoAddPolicy()), meaning the client accepted and recorded any host key presented during the first connection without verifying it against a known_hosts file or out-of-band source. This is a textbook CWE-322 (Key Exchange without Entity Authentication) issue: the SSH handshake completes a Diffie-Hellman key exchange but never authenticates the server identity, so a network adversary who can redirect traffic (BGP hijack, ARP/DNS spoofing on a shared network segment, compromised GCP networking path) can present their own host key and act as a transparent proxy. The CPE cpe:2.3:a:apache_software_foundation:apache_airflow_google_provider:* covers all versions prior to the fix.

RemediationAI

Vendor-released patch: upgrade apache-airflow-providers-google to 22.0.0 or later (fix landed via apache/airflow PR #66746, https://github.com/apache/airflow/pull/66746). Note that 22.0.0 introduces a new host_key_policy constructor argument but preserves the historical "auto_add" default for backward compatibility, so upgrading alone does NOT close the MitM gap - operators must explicitly construct ComputeEngineSSHHook (or configure connections) with host_key_policy="reject" and a populated known_hosts file, or pass a custom paramiko.MissingHostKeyPolicy (for example, one that loads pinned host keys from GCE guest attributes). If upgrade is delayed, compensating controls include constraining Airflow-to-GCE SSH traffic to private VPC paths with no third-party transit (eliminating the in-path attacker position), enforcing IAP TCP forwarding for SSH so Google-managed identity gates the path, and using short-lived OS Login keys; trade-off is operational complexity and that IAP/VPC restrictions still trust the GCP control plane rather than cryptographically authenticating the host key.

Share

CVE-2026-45361 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy