MEDIUM
Dulwich
CVE published 2026-07-15
CVE-2026-38974
Dulwich through 1.1.0 was found to be missing SSH host key verification in contrib/paramiko_vendor.py. This issue was reported in the CVE record and the NVD entry is currently being reviewed. The vulnerability allows for potential man-in-the-middle attacks if an attacker can intercept and modify the communication between the client and server. Users of Dulwich through version 1.1.0 who utilize SSH connect [truncated]