CVE-2026-44405

Description

In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.

Affected packages (2)

• Debian/paramikofrom 0
• PyPI/paramikofrom 0, <= 4.0.0

CVSS scores

References (5)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2026-44405
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2026-44405
• PATCHhttps://github.com/paramiko/paramiko
• WEBhttps://github.com/paramiko/paramiko/commit/a4489456b6f65281e172380cc4826cee5e851dbb
• WEBhttps://ostif.org/wp-content/uploads/2026/05/25-11-2415-REP_paramiko-security-audit_v1.1.pdf