Impact
Apache Airflow’s Google provider contains a ComputeEngineSSHHook that, by default, disables SSH host‑key verification. The hook uses Paramiko’s AutoAddPolicy, which automatically accepts any host key presented, leaving the SSH session open to man‑in‑the‑middle attacks. An attacker able to intercept the network traffic between an Airflow worker and a Compute Engine virtual machine could eavesdrop on, inject, or modify commands and data exchanged over the SSH connection, thereby potentially compromising the integrity of Airflow‑initiated workloads.
Affected Systems
The vulnerability affects the Apache Airflow Google provider component, specifically all versions released before 22.0.0. Users must check their installed provider version to determine exposure.
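An added example (not from the advisory or the Airflow project): a standard-library Python check that compares the installed `apache-airflow-providers-google` version with 22.0.0 and scans Python source for Paramiko host-key policies that accept unknown keys. The function names and the sample source are constructed for illustration, and the version comparison ignores pre-release suffixes.

```python
import ast
import re
from importlib import metadata

PACKAGE = "apache-airflow-providers-google"  # PyPI name of the Google provider
FIXED = (22, 0, 0)                           # advisory: versions before 22.0.0 are affected
PERMISSIVE = {"AutoAddPolicy", "WarningPolicy"}  # Paramiko policies that accept unknown keys

def is_affected(version):
    """True when an X.Y.Z version string sorts before 22.0.0 (suffixes such as rc1 are ignored)."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in m.groups()) < FIXED

def installed_provider_affected():
    """None when the provider is not installed, otherwise is_affected() of its version."""
    try:
        return is_affected(metadata.version(PACKAGE))
    except metadata.PackageNotFoundError:
        return None

def find_permissive_policies(source):
    """Return sorted (line, policy) pairs for set_missing_host_key_policy calls that skip verification."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr == "set_missing_host_key_policy" and node.args):
            continue
        arg = node.args[0]
        if isinstance(arg, ast.Call):      # policy passed as an instance: AutoAddPolicy()
            arg = arg.func
        name = arg.attr if isinstance(arg, ast.Attribute) else getattr(arg, "id", None)
        if name in PERMISSIVE:
            hits.append((node.lineno, name))
    return sorted(hits)

# Constructed sample source: one permissive client, one that rejects unknown host keys.
SAMPLE = '''
import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
safe = paramiko.SSHClient()
safe.load_system_host_keys()
safe.set_missing_host_key_policy(paramiko.RejectPolicy())
'''

if __name__ == "__main__":
    print("installed provider affected:", installed_provider_affected())
    print("permissive policies in sample:", find_permissive_policies(SAMPLE))
```

Run it inside the Airflow worker's Python environment so the version check reflects what the worker actually imports.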
Risk and Exploitability
The risk is significant because host-key verification is a core SSH security feature; without it, any network attacker positioned between the Airflow worker and the target VM can perform a stealthy MITM attack. No EPSS data is available, but the severe impact on confidentiality, integrity, and availability of workflow execution warrants high concern. CISA does not list the issue in KEV and no CVSS score is provided, but the missing host-key check alone justifies treating this as a critical flaw. The likely attack vector is a network compromise that allows traffic observation or modification between the Airflow worker host and the Compute Engine VM.