HomeCVE Intelligence › CVE-2026-61668
CVSS 8.1 HIGH Vulnerability

CVE-2026-61668: DIRAC: Pilot code downloaded over unverified HTTPS connection

Summary The second stage pilot (pilot.tar) is downloaded by the initial wrapper script without any verification of the webservers' SSL certificate and the contained script is subsequently executed. The checksum is teste…

8.1CVSS Score
HIGHSeverity
NOCISA KEV
VulnerabilityImpact Type

📋 Vulnerability Details

CVE IDCVE-2026-61668
Vendorpip
Affected ProductDIRAC
Vulnerability TypeVulnerability
CVSS Score8.1 (HIGH)
Actively Exploited❌ No known exploitation
Patch StatusSee Vendor Advisory →
Reported ByCYBERDUDEBIVASH SENTINEL APEX Intelligence (via github_advisories)

🔬 Technical Analysis

#

Summary

The second stage pilot (pilot.tar) is downloaded by the initial wrapper script without any verification of the webservers' SSL certificate and the contained script is subsequently executed. The checksum is tested, but the reference checksum file is downloaded over the same unvalidated channel.

Details

The pilot wrapper downloads and executes the main second stage pilot script, but the SSL validation on this connection is explicitly disabled (to match old python < 2.7.9 behaviour): https://github.com/DIRACGrid/DIRAC/blob/integration/src/DIRAC/WorkloadManagementSystem/Utilities/PilotWrapper.py#L292-L296 This means that the second stage pilot code is not verified in any way and could potentially be altered by a man-in-the-middle attack to execute arbitrary code in the pilot co

🎯 Known Indicators of Compromise

{"type":"url","value":"https://github.com/DIRACGrid/DIRAC/blob/integration/src/DIRAC/WorkloadManagementSystem/Utilities/Pil","confidence_score":0.82,"first_seen":"2026-07-13","source_count":1}

📚 Advisory References

⚡ DETECTION RULES AVAILABLE

Get CVE-2026-61668 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries
🛡️ Get Detection Pack → 🔌 Access via API →

🔗 Related Intelligence