Airflow Git Provider CVE-2026-58065
HIGHSeverity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
On-path MITM position gives AC:H; no auth or interaction needed (PR:N/UI:N); stolen deploy key and injected DAG code yield full C/I/A impact.
Primary rating from Vendor (apache).
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionNVD
The Apache Airflow Git provider runs its git-over-SSH operations with StrictHostKeyChecking=no by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server can impersonate the server (man-in-the-middle), capturing the SSH deploy key or injecting malicious repository content. Deployments that use the Git DAG bundle or Git provider to clone over SSH with a deploy key are affected. The fix changes the default to verify host keys; upgrade to apache-airflow-providers-git 0.4.1 or later and configure a known_hosts file.
AnalysisAI
Man-in-the-middle interception of Apache Airflow's Git provider (apache-airflow-providers-git before 0.4.1) is possible because git-over-SSH operations run with StrictHostKeyChecking=no by default, so no SSH host-key verification occurs. An attacker positioned on the network path between an Airflow worker and its Git server can impersonate the server to steal the SSH deploy key or inject malicious DAG content, leading to code execution on workers. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the deployment to use the Git provider or Git DAG bundle to clone over SSH with a deploy key AND to rely on the vulnerable default strict_host_key_checking='no' (no known_hosts pinning). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, 8.1) shows unauthenticated, no-user-interaction, network-reachable exploitation with full confidentiality/integrity/availability impact, but the High attack complexity is the key limiter: the attacker must already hold a privileged network position to intercept and actively MITM the worker-to-Git SSH channel, which is not trivial in well-segmented environments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who can occupy a network position between an Airflow worker and its Git server (e.g., a rogue device on a shared subnet or a compromised upstream hop) responds to the worker's SSH clone with their own host key, which is accepted because verification is disabled. The attacker captures the SSH deploy key and serves malicious repository content, causing Airflow to load and execute attacker-controlled DAG code on the worker. … |
| Remediation | Vendor-released patch: upgrade to apache-airflow-providers-git 0.4.1 or later, which changes the default strict_host_key_checking to 'accept-new'. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: audit your Airflow deployments to identify which are using apache-airflow-providers-git, verify current installed versions, and restrict network access to Git servers where possible. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-322 – Key Exchange without Entity Authentication
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today