THREATOPS
THREAT OPSThreat News › [GHSA] GHSA-vg99-gr89-qhw9 (high) — DIRAC: Pilot code downloaded over unverified HTTPS connection

[GHSA] GHSA-vg99-gr89-qhw9 (high) — DIRAC: Pilot code downloaded over unverified HTTPS connection

highgithub_advisoriesPublished 2026-07-13

GHSA-vg99-gr89-qhw9 Severity: high CVE: CVE-2026-61668

DIRAC: Pilot code downloaded over unverified HTTPS connection

### Summary The second stage pilot (pilot.tar) is downloaded by the initial wrapper script without any verification of the webservers' SSL certificate and the contained script is subsequently executed. The checksum is tested, but the reference checksum file is downloaded over the

MITRE ATT&CK techniques

Indicators of compromise

Original source: https://github.com/advisories/GHSA-vg99-gr89-qhw9