Skip to main content

CWE-322

Key Exchange without Entity Authentication

14 CVEs Avg CVSS 7.7 MITRE
1
CRITICAL
10
HIGH
3
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-58065 HIGH PATCH This Week

Man-in-the-middle interception of Apache Airflow's Git provider (apache-airflow-providers-git before 0.4.1) is possible because git-over-SSH operations run with StrictHostKeyChecking=no by default, so no SSH host-key verification occurs. An attacker positioned on the network path between an Airflow worker and its Git server can impersonate the server to steal the SSH deploy key or inject malicious DAG content, leading to code execution on workers. No public exploit identified at time of analysis, and it is not listed in CISA KEV; CVSS is 8.1 (High) driven by high attack complexity (AC:H) requiring an on-path position.

Code Injection Apache Apache Airflow Git Provider
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-11745 HIGH This Week

Man-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in versions of the centraldogma-server-mirror-git module prior to 0.84.0, because the embedded SSH client accepts any host key presented over git+ssh:// connections. An on-path attacker between Central Dogma and the upstream Git server can impersonate that server, inject malicious commits, and silently poison every downstream consumer that reads from the mirror. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Central Dogma
NVD GitHub VulDB
CVSS 4.0
8.8
EPSS
0.1%
CVE-2026-45361 PyPI HIGH PATCH GHSA This Week

Man-in-the-middle exposure in Apache Airflow's `apache-airflow-providers-google` package (versions prior to 22.0.0) stems from the `ComputeEngineSSHHook` shipping with `paramiko.AutoAddPolicy` as its default missing-host-key policy, silently trusting any SSH host key presented by a Compute Engine VM. An in-path network attacker positioned between the Airflow worker and the GCE instance can intercept or tamper with the SSH session, exposing credentials, DAG-driven commands, and transferred data. No public exploit identified at time of analysis and EPSS is very low (0.02%), but technical impact is rated total by SSVC.

Google Information Disclosure Apache Apache Airflow Google Provider
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-1354 MEDIUM CISA This Month

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first be in Bluetooth pairing mode, and the attacker must be in proximity of the vehicle and understand the full pairing process, to be able to pair their device with the vehicle. The attacker's device must remain paired with and in proximity of the motorcycle for the entire duration of the firmware update.

Information Disclosure Zero Motorcycles Firmware
NVD GitHub
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-13914 HIGH PATCH This Week

Man-in-the-middle attack against Juniper Networks Apstra allows unauthenticated attackers to impersonate managed network devices and capture credentials due to insufficient SSH host key validation. The vulnerability affects all Apstra versions before 6.1.1, enabling interception of SSH connections between the Apstra orchestration platform and managed infrastructure. No public exploit identified at time of analysis, though the attack requires network positioning between Apstra and target devices.

Information Disclosure Microsoft Juniper Apstra
NVD VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2026-33697 HIGH This Week

Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.

Information Disclosure Intel Amd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-1709 PyPI CRITICAL PATCH GHSA Act Now

Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.

Authentication Bypass Enterprise Linux For Ibm Z Systems Enterprise Linux For Arm 64 Eus Keylime Enterprise Linux For Power Little Endian +5
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-62501 HIGH This Week

Archer Ax53 Firmware versions up to 1.0 contains a vulnerability that allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) a (CVSS 8.1).

TP-Link Authentication Bypass Archer Ax53 Firmware
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-20163 HIGH This Week

Man-in-the-middle vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) caused by insufficient SSH host key validation, allowing unauthenticated remote attackers to impersonate NDFC-managed devices and intercept SSH traffic. This vulnerability affects Cisco NDFC deployments and could lead to credential capture and device impersonation with a CVSS score of 8.7 (High). Without confirmed KEV status or public POC availability noted in standard databases, organizations should prioritize patching based on CVSS severity and the network-accessible nature of the vulnerability (AV:N).

Information Disclosure Cisco SSH Authentication Bypass Nexus Dashboard
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2024-47519 HIGH This Month

Backup uploads to ETM subject to man-in-the-middle interception. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ng Firewall
NVD
CVSS 3.1
8.3
EPSS
0.1%
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Man-in-the-middle interception of Apache Airflow's Git provider (apache-airflow-providers-git before 0.4.1) is possible because git-over-SSH operations run with StrictHostKeyChecking=no by default, so no SSH host-key verification occurs. An attacker positioned on the network path between an Airflow worker and its Git server can impersonate the server to steal the SSH deploy key or inject malicious DAG content, leading to code execution on workers. No public exploit identified at time of analysis, and it is not listed in CISA KEV; CVSS is 8.1 (High) driven by high attack complexity (AC:H) requiring an on-path position.

Code Injection Apache Apache Airflow Git Provider
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Man-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in versions of the centraldogma-server-mirror-git module prior to 0.84.0, because the embedded SSH client accepts any host key presented over git+ssh:// connections. An on-path attacker between Central Dogma and the upstream Git server can impersonate that server, inject malicious commits, and silently poison every downstream consumer that reads from the mirror. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Information Disclosure Central Dogma
NVD GitHub VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Man-in-the-middle exposure in Apache Airflow's `apache-airflow-providers-google` package (versions prior to 22.0.0) stems from the `ComputeEngineSSHHook` shipping with `paramiko.AutoAddPolicy` as its default missing-host-key policy, silently trusting any SSH host key presented by a Compute Engine VM. An in-path network attacker positioned between the Airflow worker and the GCE instance can intercept or tamper with the SSH session, exposing credentials, DAG-driven commands, and transferred data. No public exploit identified at time of analysis and EPSS is very low (0.02%), but technical impact is rated total by SSVC.

Google Information Disclosure Apache +1
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first be in Bluetooth pairing mode, and the attacker must be in proximity of the vehicle and understand the full pairing process, to be able to pair their device with the vehicle. The attacker's device must remain paired with and in proximity of the motorcycle for the entire duration of the firmware update.

Information Disclosure Zero Motorcycles Firmware
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Man-in-the-middle attack against Juniper Networks Apstra allows unauthenticated attackers to impersonate managed network devices and capture credentials due to insufficient SSH host key validation. The vulnerability affects all Apstra versions before 6.1.1, enabling interception of SSH connections between the Apstra orchestration platform and managed infrastructure. No public exploit identified at time of analysis, though the attack requires network positioning between Apstra and target devices.

Information Disclosure Microsoft Juniper +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Attested TLS relay attacks in Cocos AI confidential computing system versions 0.4.0 through 0.8.2 enable attackers to impersonate genuine TEE-protected services on AMD SEV-SNP and Intel TDX platforms by extracting ephemeral TLS private keys and redirecting authenticated sessions. The architectural flaw allows an attacker with physical access or side-channel capabilities to relay attestation evidence to a different endpoint, breaking the authentication binding between the TEE and the client. No vendor-released patch is available; the vulnerability affects a specialized confidential computing platform with low EPSS probability (formal EPSS score not provided in input) and no public exploit identified at time of analysis, though formal ProVerif verification confirms the attack feasibility.

Information Disclosure Intel Amd
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Authentication bypass in the Keylime registrar (versions 7.12.0 and later) lets unauthenticated network attackers perform administrative actions because the registrar fails to enforce client-side mutual TLS. Attackers connecting without a client certificate can list registered agents, read public TPM data, and delete agents - undermining the integrity of the remote-attestation trust chain. EPSS is low (0.04%, 11th percentile) and there is no public exploit identified at time of analysis, but the flaw is trivially reachable (CVSS 9.8) and patched across Red Hat and SUSE channels.

Authentication Bypass Enterprise Linux For Ibm Z Systems Enterprise Linux For Arm 64 Eus +7
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Archer Ax53 Firmware versions up to 1.0 contains a vulnerability that allows attackers to obtain device credentials through a specially crafted man‑in‑the‑middle (MITM) a (CVSS 8.1).

TP-Link Authentication Bypass Archer Ax53 Firmware
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Man-in-the-middle vulnerability in Cisco Nexus Dashboard Fabric Controller (NDFC) caused by insufficient SSH host key validation, allowing unauthenticated remote attackers to impersonate NDFC-managed devices and intercept SSH traffic. This vulnerability affects Cisco NDFC deployments and could lead to credential capture and device impersonation with a CVSS score of 8.7 (High). Without confirmed KEV status or public POC availability noted in standard databases, organizations should prioritize patching based on CVSS severity and the network-accessible nature of the vulnerability (AV:N).

Information Disclosure Cisco SSH +2
NVD
EPSS 0% CVSS 8.3
HIGH This Month

Backup uploads to ETM subject to man-in-the-middle interception. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ng Firewall
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy