THREAT OPS › Threat News › [GHSA] GHSA-vg99-gr89-qhw9 (high) — DIRAC: Pilot code downloaded over unverified HTTPS connection
[GHSA] GHSA-vg99-gr89-qhw9 (high) — DIRAC: Pilot code downloaded over unverified HTTPS connection
GHSA-vg99-gr89-qhw9 Severity: high CVE: CVE-2026-61668
DIRAC: Pilot code downloaded over unverified HTTPS connection
### Summary The second stage pilot (pilot.tar) is downloaded by the initial wrapper script without any verification of the webservers' SSL certificate and the contained script is subsequently executed. The checksum is tested, but the reference checksum file is downloaded over the
MITRE ATT&CK techniques
- CredentialsT1589.001
Indicators of compromise
- CVE-2026-61668cve
- https://pypi.org/project/DIRAC/8.0.79/url
- https://pypi.org/project/DIRAC/9.0.22/url
- https://pypi.org/project/DIRAC/9.1.10/url
Original source: https://github.com/advisories/GHSA-vg99-gr89-qhw9