Description
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
References (3)
Core 3
Core References
Broken Link
http://fabricators.com
Not Applicable
http://vanilla.com
Exploit, Vendor Advisory
https://github.com/Vanilla-OS/core-image/security/advisories/GHSA-67pc-hqr2-g34h
Scores
CVSS v3
6.4
EPSS
0.0031
EPSS Percentile
22.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-321
Status
published
Products (1)
fabricators/vanilla_os_core_image
< 1.1.1
Published
Jan 13, 2026
Tracked Since
Feb 18, 2026