Aleksandr Sozinov

#20029 of 53,633
13 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2026-39578
6.5
2026-05-11
Apache Airflow · Apache Airflow Providers Elasticsearch · CVE-2026-41018
**Name of the Vulnerable Software and Affected Versions**
apache-airflow-providers-elasticsearch versions prior to 6.5.3

**Description**
The Elasticsearch logging provider writes the full host URL into task logs when configured with a `host` URL that embeds credentials. This allows any user with task-log read permissions to harvest the backend credentials.

**Recommendations**
Upgrade to version 6.5.3 or later. Configure backend credentials via a secret backend instead of embedding them in the `host` URL.

PT-2026-39579
6.5
2026-05-11
Apache Airflow · Apache Airflow Providers Opensearch · CVE-2026-43826
**Name of the Vulnerable Software and Affected Versions**
apache-airflow-providers-opensearch versions prior to 1.9.1

**Description**
The OpenSearch logging provider writes the full host URL into task logs when configured with a `host` URL that embeds credentials. This allows any user with task-log read permissions to harvest the backend credentials.

**Recommendations**
Upgrade to version 1.9.1 or later. Configure backend credentials via a secret backend instead of embedding them in the `host` URL.