An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. CREATE(Triage):(User=admin) [CVE-2021-36370|https://nvd.nist.gov/vuln/detail/CVE-2021-36370]