A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|
References
History
Mon, 22 Jun 2026 04:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Git Mirror SSH Host Key Verification Bypass Leading to Repository Compromise | |
| Weaknesses | CWE-295 |
Mon, 22 Jun 2026 03:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories. | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: LY-Corporation
Published:
Updated: 2026-06-22T02:33:08.952Z
Reserved: 2026-06-09T06:46:10.431Z
Link: CVE-2026-11745
Vulnrichment
No data.
NVD
No data.
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-22T04:30:16Z