Skip to main content

Airflow Git Provider CVE-2026-58065

HIGH
Key Exchange without Entity Authentication (CWE-322)
2026-07-13 apache
8.1
CVSS 3.1 · NVD
Share

Severity by source

Vendor (apache) PRIMARY
MEDIUM
qualitative
NVD
8.1 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
8.1 HIGH

On-path MITM position gives AC:H; no auth or interaction needed (PR:N/UI:N); stolen deploy key and injected DAG code yield full C/I/A impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (apache).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jul 14, 2026 - 01:30 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jul 14, 2026 - 01:30 vuln.today
Analysis Updated
Jul 14, 2026 - 01:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 01:22 vuln.today
cvss_changed
CVSS changed
Jul 14, 2026 - 01:22 NVD
8.1 (HIGH)
Analysis Generated
Jul 13, 2026 - 15:46 vuln.today

DescriptionNVD

The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git 0.4.1 or later and configure a known_hosts file.

AnalysisAI

Man-in-the-middle interception of Apache Airflow's Git provider (apache-airflow-providers-git before 0.4.1) is possible because git-over-SSH operations run with StrictHostKeyChecking=no by default, so no SSH host-key verification occurs. An attacker positioned on the network path between an Airflow worker and its Git server can impersonate the server to steal the SSH deploy key or inject malicious DAG content, leading to code execution on workers. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain on-path position between worker and Git server
Delivery
Intercept worker SSH clone request
Exploit
Present forged host key (MITM, accepted due to StrictHostKeyChecking=no)
Execution
Capture deploy key and serve malicious DAG content
Impact
Execute attacker code on Airflow worker

Vulnerability AssessmentAI

Exploitation Exploitation requires the deployment to use the Git provider or Git DAG bundle to clone over SSH with a deploy key AND to rely on the vulnerable default strict_host_key_checking='no' (no known_hosts pinning). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, 8.1) shows unauthenticated, no-user-interaction, network-reachable exploitation with full confidentiality/integrity/availability impact, but the High attack complexity is the key limiter: the attacker must already hold a privileged network position to intercept and actively MITM the worker-to-Git SSH channel, which is not trivial in well-segmented environments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can occupy a network position between an Airflow worker and its Git server (e.g., a rogue device on a shared subnet or a compromised upstream hop) responds to the worker's SSH clone with their own host key, which is accepted because verification is disabled. The attacker captures the SSH deploy key and serves malicious repository content, causing Airflow to load and execute attacker-controlled DAG code on the worker. …
Remediation Vendor-released patch: upgrade to apache-airflow-providers-git 0.4.1 or later, which changes the default strict_host_key_checking to 'accept-new'. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit your Airflow deployments to identify which are using apache-airflow-providers-git, verify current installed versions, and restrict network access to Git servers where possible. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-58065 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy