PT-2026-60333 · Pypi · Dulwich
CVE-2026-38974
·
Published
2026-07-15
·
Updated
2026-07-16
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Dulwich versions prior to 1.1.0
Description
Dulwich fails to perform SSH host key verification within the
contrib/paramiko vendor.py file. This lack of verification allows for potential man-in-the-middle attacks during SSH connections.Recommendations
Update to a version later than 1.1.0.
As a temporary mitigation, restrict the use of the
contrib/paramiko vendor.py module. Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dulwich