THREAT OPS › Threat News › CVE-2026-58065: Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification
CVE-2026-58065: Apache Airflow Git provider: Git provider hook defaults to StrictHostKeyChecking=no, disabling SSH host-key verification
<p>Posted by Vincent Beck on Jul 13</p>Severity: moderate <br /> <br /> Affected versions:<br /> <br /> - Apache Airflow Git provider (apache-airflow-providers-git) before 0.4.1<br /> <br /> Description:<br /> <br /> The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling <br /> SSH host-key verification. An attacker who can intercept
Indicators of compromise
- CVE-2026-58065cve
Original source: https://seclists.org/oss-sec/2026/q3/124