Impact
Apache Airflow’s Google provider contains a ComputeEngineSSHHook that, by default, disables SSH host‑key verification. The hook uses Paramiko’s AutoAddPolicy, which automatically accepts any host key presented, leaving the SSH session open to man‑in‑the‑middle attacks. An attacker able to intercept the network traffic between an Airflow worker and a Compute Engine virtual machine could eavesdrop on, inject, or modify commands and data exchanged over the SSH connection, thereby potentially compromising the integrity of Airflow‑initiated workloads.
Affected Systems
The vulnerability affects the Apache Airflow Google provider component, specifically all versions released before 22.0.0. Users must check their installed provider version to determine exposure.
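An added example, not code from Airflow or from this advisory: a Python check that compares a provider version against the 22.0.0 boundary given under Affected Systems, and scans your own DAG or hook source for Paramiko calls that accept unknown host keys, as the policy described under Impact does. The helper names and the sample source are constructed for illustration; flagging WarningPolicy alongside AutoAddPolicy goes beyond the advisory, since Paramiko also accepts the unknown key under that policy.

```python
import ast
import re
from importlib import metadata

DIST = "apache-airflow-providers-google"  # PyPI name of the Google provider
FIXED = (22, 0, 0)  # advisory: versions released before 22.0.0 are affected
# Paramiko policies that accept a host key the client has never seen.
PERMISSIVE = {"AutoAddPolicy", "WarningPolicy"}

def provider_is_affected(version: str) -> bool:
    """True when a provider version string is older than the fixed release."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in m.groups()) < FIXED

def _name(node):
    """Rightmost identifier of X, mod.X or a call to either; None otherwise."""
    if isinstance(node, ast.Call):
        node = node.func
    if isinstance(node, ast.Attribute):
        return node.attr
    return node.id if isinstance(node, ast.Name) else None

def find_permissive_policies(source: str):
    """Return (line, policy) for each set_missing_host_key_policy() call
    whose first positional argument is a policy that trusts unknown keys."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Call)
                and _name(node) == "set_missing_host_key_policy"
                and node.args and _name(node.args[0]) in PERMISSIVE):
            hits.append((node.lineno, _name(node.args[0])))
    return sorted(hits)

# Constructed sample of custom task code, not taken from Airflow.
SAMPLE = '''import paramiko
client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
strict = paramiko.SSHClient()
strict.set_missing_host_key_policy(paramiko.RejectPolicy())
'''

if __name__ == "__main__":
    try:
        v = metadata.version(DIST)
        print(DIST, v, "affected" if provider_is_affected(v) else "not affected")
    except metadata.PackageNotFoundError:
        print(DIST, "not installed")
    print(find_permissive_policies(SAMPLE))
```

Run it inside the same Python environment as the Airflow workers, since that is where the provider version that matters is installed.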
Risk and Exploitability
The risk remains significant because host‑key verification is a core SSH security feature; its absence means any network attacker able to intercept traffic between an Airflow worker and the target VM can perform a stealthy MITM attack. The EPSS score of <1% indicates a low probability of exploitation currently, but the high CVSS score of 8.1 signifies a high severity flaw that can impact confidentiality, integrity, and availability of workflow execution. The vulnerability is not listed in CISA KEV, yet the missing host‑key check alone justifies high concern. The likely attack vector is a network compromise that permits observation or modification between the Airflow worker host and the Compute Engine VM.