Vulnerability in Apache Software Foundation Airflow Git Provider

CVE-2026-58065

The Apache Airflow Git provider runs its git-over-SSH operations with `StrictHostKeyChecking=no` by default, disabling SSH host-key verification. An attacker who can intercept the network path between an Airflow worker and the Git server c…

Affected products

Weakness classification (CWE)

References