THREATOPS
THREAT OPSThreat News › CVE-2026-58065: Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

CVE-2026-58065: Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification

medoss_secPublished 2026-07-13

<p>Posted by Vincent Beck on Jul 13</p>Severity: moderate <br /> <br /> Affected versions:<br /> <br /> - Apache Airflow Git provider (apache-airflow-providers-git) before 0.4.1<br /> <br /> Description:<br /> <br /> The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling <br /> SSH host-key verification. An attacker who can intercept

Indicators of compromise

Original source: https://seclists.org/oss-sec/2026/q3/124