CVE-2026-44405

Published: Mag 06, 2026 Last Modified: Mag 06, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 3,4
Source: [email protected]
Attack Vector: adjacent_network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: changed
Confidentiality: none
Integrity: low
Availability: none

Description

AI Translation Available

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

327

Use of a Broken or Risky Cryptographic Algorithm

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Accountability Non-Repudiation
Potential Impacts:
Read Application Data Modify Application Data Hide Activities
Applicable Platforms
Languages: Not Language-Specific, Verilog, VHDL
Technologies: ICS/OT, Not Technology-Specific
Likelihood of Exploit: High
View CWE Details
https://github.com/paramiko/paramiko/commit/a4489456b6f6528…
https://github.com/paramiko/paramiko/commit/a4489456b6f65281e172380cc4826cee5e8…
https://ostif.org/wp-content/uploads/2026/05/25-11-2415-REP…
https://ostif.org/wp-content/uploads/2026/05/25-11-2415-REP_paramiko-security-a…