CVE-2026-44405 Overview
CVE-2026-44405 affects Paramiko, a widely used Python implementation of the SSHv2 protocol. The vulnerability resides in rsakey.py, which permits the deprecated SHA-1 hash algorithm during RSA key operations. SHA-1 is cryptographically broken and no longer considered safe for digital signatures or authentication contexts. The issue is tracked under [CWE-327: Use of a Broken or Risky Cryptographic Algorithm]. The flaw was identified during an OSTIF security audit of Paramiko and remediated in commit a448945. Affected versions include Paramiko through 4.0.0 prior to that commit.
Critical Impact
An adjacent network attacker capable of influencing SSH authentication exchanges may leverage SHA-1 weaknesses to undermine the integrity of RSA key signatures used by Paramiko clients and servers.
Affected Products
- Paramiko through 4.0.0 (prior to commit a448945)
- Python applications and automation tooling that depend on Paramiko for SSH connectivity
- SSH client and server implementations built on Paramiko's rsakey.py module
Discovery Timeline
- 2026-05-06 - CVE-2026-44405 published to NVD
- 2026-05-07 - Last updated in NVD database
Technical Details for CVE-2026-44405
Vulnerability Analysis
Paramiko's rsakey.py accepts SHA-1 as a valid hashing algorithm for RSA-based SSH operations. SHA-1 has documented collision weaknesses and was deprecated by OpenSSH starting with version 8.8. Modern SSH deployments require rsa-sha2-256 or rsa-sha2-512 algorithms instead. By continuing to allow ssh-rsa (which uses SHA-1), Paramiko exposes integrations to weaker signature verification than current cryptographic standards demand. The flaw is categorized as [CWE-327] and primarily affects integrity guarantees during host key verification and public-key authentication.
Root Cause
The root cause is the absence of an algorithm allowlist enforcing SHA-2 family hashes for RSA keys. The pre-patch code path in auth_handler.py and client.py did not constrain algorithm values negotiated during authentication, allowing the legacy ssh-rsa identifier (SHA-1) to remain acceptable.
Attack Vector
Exploitation requires an adjacent network position with high attack complexity. An attacker influencing the SSH handshake could induce use of SHA-1 signatures, then leverage known SHA-1 collision techniques to attempt signature forgery against host key or user key verification flows.
# Source: https://github.com/paramiko/paramiko/commit/a4489456b6f65281e172380cc4826cee5e851dbb
# Patch in paramiko/client.py - Replace ssh-rsa (SHA-1) with rsa-sha2-* during host key selection
our_server_keys = self._system_host_keys.get(server_hostkey_name)
if our_server_keys is None:
our_server_keys = self._host_keys.get(server_hostkey_name)
if our_server_keys is not None:
keytype = our_server_keys.keys()[0]
sec_opts = t.get_security_options()
if keytype == "ssh-rsa":
if "rsa-sha2-512" in sec_opts.key_types:
keytype = "rsa-sha2-512"
elif "rsa-sha2-256" in sec_opts.key_types:
keytype = "rsa-sha2-256"
else:
raise Exception(
"unsupported key type in known_hosts"
)
other_types = [x for x in sec_opts.key_types if x != keytype]
This patch upgrades the negotiated key type from ssh-rsa to rsa-sha2-512 or rsa-sha2-256 when SHA-2 alternatives are available, preventing fallback to SHA-1.
Detection Methods for CVE-2026-44405
Indicators of Compromise
- SSH authentication logs showing negotiated algorithm ssh-rsa instead of rsa-sha2-256 or rsa-sha2-512
- Paramiko-based applications running versions through 4.0.0 prior to commit a448945
- Host key verification events referencing SHA-1 signatures in SSH transcripts
Detection Strategies
- Inventory Python environments and identify Paramiko package versions using pip show paramiko or software composition analysis tooling
- Inspect SSH server logs for clients negotiating the ssh-rsa algorithm and correlate to source applications
- Audit dependency manifests (requirements.txt, Pipfile.lock, poetry.lock) for vulnerable Paramiko versions
Monitoring Recommendations
- Enable verbose SSH transport logging on Paramiko clients to capture negotiated key exchange and signature algorithms
- Alert on SSH sessions where SHA-1 based signatures are observed in authentication exchanges
- Track outbound connections from automation hosts using Paramiko to detect legacy algorithm usage during transition periods
How to Mitigate CVE-2026-44405
Immediate Actions Required
- Upgrade Paramiko to a version that includes commit a448945 or later
- Audit application code that pins Paramiko versions and remove fixed references to releases through 4.0.0
- Configure SSH servers reached by Paramiko clients to disable ssh-rsa and require rsa-sha2-256 or rsa-sha2-512
Patch Information
The fix is committed to the Paramiko repository at GitHub Commit a448945. The patch removes SHA-1 from RSA key handling paths in auth_handler.py, client.py, and rsakey.py. Additional context is available in the OSTIF Security Audit Report.
Workarounds
- Restrict SSH server HostKeyAlgorithms and PubkeyAcceptedAlgorithms to SHA-2 variants until Paramiko clients are upgraded
- Replace RSA host keys with Ed25519 or ECDSA keys where supported, eliminating SHA-1 fallback risk
- Limit Paramiko-based automation to trusted network segments to reduce exposure to adjacent-network adversaries
# Configuration example - sshd_config hardening to disable SHA-1 RSA signatures
HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp256
PubkeyAcceptedAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519,ecdsa-sha2-nistp256
# Upgrade Paramiko to a patched release
pip install --upgrade 'paramiko>4.0.0'
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
