2 matches found
PT-2026-60333
Name of the Vulnerable Software and Affected Versions Dulwich versions prior to 1.1.0 Description Dulwich fails to perform SSH host key verification within the contrib/paramiko vendor.py file. This lack of verification allows for potential man-in-the-middle attacks during SSH connections...
CVE-2026-38974
CVE-2026-38974 affects Dulwich up to version 1.1.0. The issue is in the SSH-related code path at contrib/paramiko_vendor.py, where SSH host key verification is missing. This absence can allow an attacker to perform a man-in-the-middle potentially compromising authenticity checks during SSH sessio...