CVE-2026-44405
low
CVSS v3
3.4
CVSS v2
—
VIR risk
3.4
Description
Paramiko rsakey.py allows the SHA-1 algorithm
Predictions
Exploit likelihood
35%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2026-44405
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2026-44405.html
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| sles | affected | | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | forky | affected | |
| debian | sid | affected | |
| debian | trixie | affected | |
References
- https://github.com/paramiko/paramiko/commit/a4489456b6f65281e172380cc4826cee5e851dbb
- https://ostif.org/wp-content/uploads/2026/05/25-11-2415-REP_paramiko-security-audit_v1.1.pdf
- https://nvd.nist.gov/vuln/detail/CVE-2026-44405
- https://github.com/paramiko/paramiko
- https://www.suse.com/security/cve/CVE-2026-44405.html
- https://security-tracker.debian.org/tracker/CVE-2026-44405
- https://github.com/advisories/GHSA-r374-rxx8-8654
CWEs
CWE-327
Verify integrity in audit chain (admin only). AS-IS.