Skip to main content

Paramiko SSH Library EUVDEUVD-2026-27514

| CVE-2026-44405 LOW
Use of a Broken or Risky Cryptographic Algorithm (CWE-327)
2026-05-06 cve@mitre.org
3.4
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.4 LOW
AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 06, 2026 - 00:30 vuln.today
Analysis Generated
May 06, 2026 - 00:30 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 381 pypi packages depend on paramiko (120 direct, 268 indirect)

Ecosystem-wide dependent count for version 4.0.0.

DescriptionCVE.org

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

AnalysisAI

Paramiko through version 4.0.0 before commit a448945 accepts SHA-1-based RSA signatures (ssh-rsa algorithm) in host key verification and authentication contexts, violating modern cryptographic standards and enabling signature forgery attacks. The vulnerability affects SSH clients and servers using Paramiko for key exchange and authentication, allowing remote attackers on the same network segment to potentially forge host keys or perform man-in-the-middle attacks by exploiting the deprecated SHA-1 hash algorithm. No public exploit code has been identified at time of analysis, though the issue is cryptographically fundamental and OSTIF security audit documentation exists.

Technical ContextAI

Paramiko is a pure-Python SSH implementation used for secure shell protocol automation, commonly integrated into Python applications for remote system administration. The vulnerability stems from CWE-327 (Use of Broken Cryptographic Algorithm), specifically Paramiko's RSAKey class retaining support for the ssh-rsa algorithm identifier, which mandates SHA-1 signatures per RFC 4252. The affected code path involves the HASHES dictionary in rsakey.py, which previously mapped 'ssh-rsa' and 'ssh-rsa-cert-v01@openssh.com' directly to hashes.SHA1. The fix involves removing these mappings from HASHES while maintaining ssh-rsa in the advertised key types list (for backward compatibility in reading legacy keys), but enforcing SHA-2 variants (rsa-sha2-256, rsa-sha2-512) during actual signing and verification operations via auth_handler.py, client.py, and transport.py modifications. The commit a448945 restructures algorithm negotiation in SecurityOptions and Transport classes to exclude ssh-rsa from preferred key types and force SHA-2 negotiation when RSA keys are used.

RemediationAI

Upgrade Paramiko to version 4.0.1 or later, which contains commit a448945 removing SHA-1 enforcement from RSA key operations. For Python package managers, run 'pip install --upgrade paramiko>=4.0.1'. If immediate upgrade is not feasible, configure SSH clients to explicitly prefer rsa-sha2-256 or rsa-sha2-512 algorithms by setting PubkeyAcceptedAlgorithms in OpenSSH config or equivalent Paramiko SecurityOptions.preferred_pubkeys, filtering out 'ssh-rsa' entries. Note that this workaround requires the remote SSH server support SHA-2 variants; legacy servers supporting only ssh-rsa will become unreachable until upgraded. For server-side deployments, ensure sshd configuration includes 'PubkeyAcceptedAlgorithms rsa-sha2-256,rsa-sha2-512' and remove 'ssh-rsa' from accepted algorithms. Legacy client-server pairs (e.g., Ansible → older network devices) must be migrated to SHA-2-capable SSH implementations or isolated to dedicated secure networks with strong egress filtering to prevent MITM.

Share

EUVD-2026-27514 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy