A vulnerability, which was classified as problematic , was found in Apache Airflow Google Provider up to 21.x . Affected by this vulnerability is an unknown functionality of the component SSH Host-Key Verification . Such manipulation leads to key exchange without entity authentication. This vulnerability is documented as CVE-2026-45361 . The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.