CVE-2026-11745
Deferred
Deferred - Pending Action
Git Mirror SSH Host Key Verification Bypass in Central Dogma
Vulnerability report for CVE-2026-11745, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-22
Last updated on: 2026-06-22
Assigner: LINE Corporation
Description
Description
A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| line | centraldogma-server-mirror-git | to 0.84.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-322 | The product performs a key exchange with an actor without verifying the identity of that actor. |