Listen to this Post
How CVE-2026-45361 works
Apache Airflow’s `google-provider` package includes a hook named `ComputeEngineSSHHook` for establishing SSH connections from Airflow workers to Google Compute Engine VMs. By default, this hook disables SSH host-key verification. Host-key verification is a security mechanism that ensures the SSH client is connecting to the intended server by checking the server’s public key against a known list. When disabled, the client accepts any host key presented during the handshake. An attacker positioned on the network path between the Airflow worker and the Compute Engine VM—for example, through ARP spoofing, DNS hijacking, or rogue Wi-Fi access points—can intercept the SSH session. The attacker can present a fraudulent host key, and the hook will silently accept it without any warning. This allows a man-in-the-middle (MITM) attack where the attacker can decrypt, read, modify, and re-encrypt all SSH traffic. Sensitive data such as deployment scripts, secrets passed via environment variables, or infrastructure commands become exposed. Furthermore, the attacker can inject malicious commands into the SSH stream, potentially gaining persistent access to the VM or pivoting to other internal resources. The flaw exists because the hook initializes `SSHClient` with `missing_host_key_policy = AutoAddPolicy` or similar, which automatically adds unknown host keys. In secure configurations, `RejectPolicy` or explicit known hosts should be used. The default behavior was inherited from legacy convenience settings without security review. The issue affects all versions of `apache-airflow-providers-google` prior to 22.0.0. Upgrading to 22.0.0 or later changes the default to enforce host-key verification, requiring administrators to explicitly configure known hosts.
dailycve form
Platform: Airflow Google Provider
Version: Before 22.0.0
Vulnerability: SSH host-key disabled
Severity: Critical
date: 2026-05-25
Prediction: Patch date 2026-05-25
What Undercode Say:
Check installed version of airflow-providers-google pip show apache-airflow-providers-google | grep Version List all Airflow connections using ComputeEngineSSHHook airflow connections list | grep -i compute_ssh Audit Airflow DAGs for ComputeEngineSSHHook usage grep -r "ComputeEngineSSHHook" /path/to/airflow/dags/ Fix by upgrading to patched version pip install --upgrade apache-airflow-providers-google==22.0.0 Verify host-key verification is now enabled python -c "from airflow.providers.google.cloud.hooks.compute_ssh import ComputeEngineSSHHook; print(ComputeEngineSSHHook.<strong>init</strong>.<strong>doc</strong>)"
Exploit:
Attacker on same network as Airflow worker and target VM runs ARP spoofing to redirect SSH traffic to their machine, then uses a tool like `sshd` with a forged host key to intercept credentials and commands.
Protection from this CVE
Upgrade to apache-airflow-providers-google>=22.0.0. If upgrade impossible, manually override hook policy to `RejectPolicy` and maintain `~/.ssh/known_hosts` for all target VMs. Restrict network paths using VLANs or mTLS.
Impact
Complete compromise of SSH session confidentiality and integrity, leading to arbitrary command execution on Compute Engine VMs, exposure of Airflow secrets, and lateral movement within cloud environments.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]

