Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1888+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2026-58065: Apache Airflow Git Provider Disables SSH Host Key Verification
CVE-2026-58065: Apache Airflow Git Provider Disables SSH Host Key Verification
SECURITYHIGHCVE-2026-58065

CVE-2026-58065: Apache Airflow Git Provider Disables SSH Host Key Verification

The Apache Airflow Git provider runs git-over-SSH with StrictHostKeyChecking=no by default, allowing a network-position attacker to silently impersonate the Git server and steal SSH credentials or inject malicious code.

Dylan H.

Security Team

July 14, 2026
6 min read

Affected Products

  • apache-airflow-providers-git (all versions)

Executive Summary

The Apache Airflow Git provider (apache-airflow-providers-git) runs all git-over-SSH operations with StrictHostKeyChecking=no as a hard-coded default, disabling SSH host key verification entirely. Any attacker who can intercept network traffic between an Airflow worker and a Git server — whether through ARP spoofing, DNS hijacking, BGP hijacking, or a compromised network path — can silently impersonate the Git server, capturing SSH credentials, injecting malicious repository content, or serving backdoored DAGs directly to the Airflow scheduler.

CVSS Score: 8.1 (High)

This vulnerability is particularly severe in CI/CD pipelines and data engineering workflows where Airflow fetches DAGs or configuration from private Git repositories, as it exposes both credentials and the integrity of production code.


Vulnerability Overview

AttributeValue
CVE IDCVE-2026-58065
CVSS Score8.1 (High)
TypeMan-in-the-Middle via Disabled SSH Host Key Verification
Attack VectorNetwork — requires interception capability on path to Git server
Privileges RequiredNone (network position)
User InteractionNone
ScopeChanged

Affected Versions

ComponentAffectedStatus
apache-airflow-providers-gitAll versions (StrictHostKeyChecking=no default)Monitor Apache security advisories
Apache Airflow coreNot directly affectedDepends on git provider usage

Technical Analysis

The Misconfiguration

When Airflow executes git-over-SSH via the Git provider, it passes SSH options that include:

# Effective command generated by the Airflow Git provider
GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' \
  git clone git@github.com:org/dags.git

StrictHostKeyChecking=no tells SSH to accept any host key presented, including one from an attacker impersonating the legitimate server. Combined with UserKnownHostsFile=/dev/null, no host keys are ever recorded or checked.

Man-in-the-Middle Attack Flow

NORMAL FLOW:
  Airflow Worker → [SSH with host key check] → Legitimate Git Server
 
ATTACK FLOW:
  Airflow Worker → [SSH, no host key check] → Attacker's Server (MITM)
                                                    ↓
                                              Captures SSH private key
                                              Serves malicious DAG content
                                              Proxies to real Git server (invisible)

Attack Prerequisites

The attacker must be able to intercept or redirect traffic between:
  - Airflow worker IP
  - Git server IP or hostname
 
This can be achieved via:
  - ARP spoofing on the same LAN
  - DNS cache poisoning (if using hostname-based Git remote)
  - BGP route hijacking (for internet-facing Git servers)
  - Compromised network infrastructure (router, switch, cloud VPC peering)
  - Supply chain compromise of a CDN or cloud provider

Impact

ImpactDescription
SSH Key / Credential TheftAttacker captures the private key or credentials used to authenticate to Git
DAG / Code InjectionMalicious Python DAG code served to Airflow — executes with worker privileges
Supply Chain CompromiseBackdoored DAGs can exfiltrate data, pivot to other systems, or sabotage pipelines
Secret ExfiltrationDAGs often contain or reference secrets (API keys, DB credentials, cloud credentials)
Persistent AccessInjected code can establish persistence within the Airflow environment

High-Risk Deployment Scenarios

  • Airflow pulling DAGs from GitHub/GitLab over the public internet
  • Multi-tenant cloud environments where VPC isolation is not guaranteed
  • On-premises Airflow clusters connected to external Git repositories
  • Airflow in Kubernetes with shared network namespaces

Remediation

Step 1: Configure SSH Host Key Verification

Override the default StrictHostKeyChecking=no by providing a known_hosts file:

# airflow.cfg or environment variable
# Add to git connection extra parameters
 
# In Airflow UI: Admin → Connections → Edit Git connection
# Extra: {"ssh_strict_host_key_checking": "yes", "known_hosts_file": "/opt/airflow/known_hosts"}
# 1. Collect the host key for your Git server
ssh-keyscan github.com >> /opt/airflow/known_hosts
ssh-keyscan gitlab.com >> /opt/airflow/known_hosts
ssh-keyscan your-internal-git.company.com >> /opt/airflow/known_hosts
 
# 2. Set permissions
chmod 644 /opt/airflow/known_hosts
chown airflow:airflow /opt/airflow/known_hosts
 
# 3. Reference in git SSH command
export GIT_SSH_COMMAND='ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/opt/airflow/known_hosts'

Step 2: Use HTTPS with Certificate Verification Instead of SSH

For many use cases, HTTPS Git remotes are simpler and easier to secure:

# Use HTTPS with a personal access token (stored in Airflow Variables/Connections)
# airflow.cfg
[git]
repo = https://github.com/org/dags.git
# Credentials managed via git credential helper or Airflow Secret Backend
# In DAG repo connection config
conn = Connection(
    conn_id="git_dags",
    conn_type="git",
    host="https://github.com/org/dags.git",
    password="{{ var.value.git_token }}",  # Token from Airflow Variables
)

Step 3: Network Segmentation

# Restrict outbound SSH from Airflow workers to known Git server IPs only
iptables -I OUTPUT -p tcp --dport 22 -d <GIT_SERVER_IP> -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j DROP
 
# Or via cloud security groups / network ACLs:
# Allow: Airflow worker SG → Git server IP:22
# Deny: All other outbound :22

Step 4: Monitor for MITM Indicators

# Check for unexpected SSH host key changes in logs
grep "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" /var/log/airflow/scheduler*.log
 
# If using strict checking (after remediation), this warning stops attacks
# Monitor for task failures with SSH host key errors as potential attack signals
grep "Host key verification failed" /var/log/airflow/worker*.log

Kubernetes / Helm Deployment

# Airflow Helm chart — mount known_hosts into all workers
airflow:
  extraVolumes:
    - name: git-known-hosts
      configMap:
        name: git-known-hosts
  extraVolumeMounts:
    - name: git-known-hosts
      mountPath: /opt/airflow/.ssh/known_hosts
      subPath: known_hosts
 
  extraEnvVars:
    - name: GIT_SSH_COMMAND
      value: "ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=/opt/airflow/.ssh/known_hosts"
# Create the ConfigMap
kubectl create configmap git-known-hosts \
  --from-file=known_hosts=./known_hosts \
  -n airflow

Detection

IndicatorDescription
Unexpected host keys in SSH logsGit server key changed — potential MITM in progress
Airflow DAGs behaving unexpectedlyInjected code executing via MITM
SSH key compromise alertsPrivate key used from unexpected locations
Anomalous network traffic from Airflow workersPost-exploitation data exfiltration
Scheduled tasks failing with auth errorsStolen key being rotated by victim

Post-Remediation Steps

  1. Immediately configure a known_hosts file and set StrictHostKeyChecking=yes
  2. Rotate all SSH keys used by Airflow workers to authenticate to Git servers
  3. Audit Git server access logs for connections from unexpected IPs
  4. Review all DAGs deployed since the vulnerable configuration was active
  5. Consider migrating to HTTPS with token-based authentication for simpler key management
  6. Implement DAG signing / verification to detect integrity violations
  7. Monitor Apache Airflow security advisories for an official patch to the git provider default

References

  • NVD — CVE-2026-58065
  • Apache Airflow Security Advisories
  • CWE-297: Improper Validation of Certificate with Host Mismatch
  • NIST SP 800-52: SSH Security Guidelines

Related Reading

  • CVE-2026-61500: Rejetto HFS Predictable Session Cookie Key
  • CVE-2026-57433: Perl Storable Integer Overflow via SX_HOOK
  • CVE-2026-13221: Perl Regex Trie Overflow — Silent Match Failure
#CVE#Apache Airflow#SSH#MITM#Nation-State#APT#Vulnerability

Related Articles

CVE-2025-57735: Apache Airflow JWT Token Not Invalidated on Logout

A critical CVSS 9.1 vulnerability in Apache Airflow fails to invalidate JWT tokens upon user logout, allowing intercepted tokens to be reused for...

3 min read

CVE-2026-14453: Critical SSTI to RCE in Centreon Open Tickets (CVSS 9.6)

A critical Server-Side Template Injection vulnerability in Centreon's centreon-open-tickets module allows unauthenticated attackers to achieve Remote Code Execution via the unsanitized message_confirm field.

6 min read

CVE-2026-57433: Perl Storable Signed Integer Overflow in SX_HOOK Deserialization

A CVSS 9.8 signed integer overflow in Perl's Storable module (before 3.41) allows a crafted SX_HOOK record to wrap an I32_MAX item count to -1, corrupting heap memory and potentially enabling remote code execution.

5 min read
Back to all Security Alerts