What is CVE-2026-44405?

CVE-2026-44405 is a low-severity vulnerability in Paramiko, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 3.4/10. Published 2026-05-06.

How severe is CVE-2026-44405?

Low severity. CVSS v3 base score is 3.4 out of 10.

Vulnerability in Paramiko

CVE-2026-44405

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.000 (0.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.4 (Low). Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N.

Affected products

Paramiko — versions 0

Weakness classification (CWE)

CWE-327 — Use of a Broken or Risky Cryptographic Algorithm

References

cve@mitre.org
cve@mitre.org

Frequently asked questions

What is CVE-2026-44405?: CVE-2026-44405 is a low-severity vulnerability in Paramiko, classified under Use of a Broken or Risky Cryptographic Algorithm. CVSS score: 3.4/10. Published 2026-05-06.
How severe is CVE-2026-44405?: Low severity. CVSS v3 base score is 3.4 out of 10.