VYPR
High severity8.1NVD Advisory· Published May 25, 2026· Updated Jun 1, 2026

CVE-2026-45361

CVE-2026-45361

Description

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to apache-airflow-providers-google 22.0.0 or later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

1