CVE-2025-26465 on TCA manager, TCA CP and airgap server

Article ID: 398194

Products

VMware Telco Cloud Automation

Issue/Introduction

A security scan will report CVE-2025-26465 on the TCA manager, TCA CP and airgap server.

The tool might report the affected versions as follows:

OpenSSH versions 6.8p1 to 9.9p1 (inclusive)

Environment

TCA 3.2 or below.

Airgap 3.2 or below.

Cause

CVE-2025-26465: OpenSSH contained a logic error that allowed an on-path attacker (a.k.a. MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default.
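
To confirm whether an SSH client actually has the option enabled, the following added example (not part of the original article or of VMware's tooling) classifies the effective VerifyHostKeyDNS value from `ssh -G <host>` output. The function names and the sample text are constructed for illustration, and the script treats yes, true and ask as enabled.

```sh
#!/bin/sh
# Added example: report the effective VerifyHostKeyDNS setting of the
# OpenSSH client. Function names are hypothetical, not from the article.

# Reads `ssh -G <host>` output on stdin.
# Prints "enabled", "disabled" or "unknown" (option not present in input).
vhkd_state() {
    awk '
        tolower($1) == "verifyhostkeydns" { val = tolower($2) }
        END {
            if (val == "yes" || val == "true" || val == "ask") print "enabled"
            else if (val == "no" || val == "false") print "disabled"
            else print "unknown"
        }'
}

# Constructed sample of `ssh -G` output (hostname is a placeholder).
SAMPLE='hostname tca-manager.example
port 22
verifyhostkeydns false'

# Classify the constructed sample; prints "disabled".
vhkd_demo() {
    printf '%s\n' "$SAMPLE" | vhkd_state
}

# Check the effective client configuration for one destination host.
# Returns 0 only when the option is confirmed disabled.
check_host() {
    state=$(ssh -G "$1" 2>/dev/null | vhkd_state)
    printf '%s: VerifyHostKeyDNS %s\n' "$1" "$state"
    [ "$state" = "disabled" ]
}

# When host names are given as arguments, check each one.
if [ "$#" -gt 0 ]; then
    rc=0
    for h in "$@"; do
        check_host "$h" || rc=1
    done
    exit "$rc"
fi
```

Run it with one or more destination host names as arguments; a non-zero exit status means at least one host resolved to a configuration where the option is enabled or could not be determined.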

Resolution

This has been resolved in TCA version 3.3. 

TCA 3.3 uses OpenSSH 8.9p1-9.ph4, in which this vulnerability is fixed.

Even if the scanning tool still reports the vulnerability, the finding can be ignored: the fix is in place, because engineering has made changes in this version of OpenSSH to address the vulnerability.

For the airgap appliance, run "tdnf update" to sync to the latest package version.