Tag

Airflow

2 briefs RSS

Apache Airflow Providers OpenSearch and Elasticsearch Information Disclosure Vulnerabilities

A remote, authenticated attacker can exploit multiple vulnerabilities in Apache Airflow Providers OpenSearch and Elasticsearch to disclose sensitive information.

Airflow Providers OpenSearch +1 airflow information-disclosure apache

1r 1t May 11, 2026

low advisory

Apache Airflow OpenSearch Provider Credentials Leak via Task Logs (CVE-2026-43826)

2 rules

The OpenSearch logging provider in Apache Airflow Providers OpenSearch versions before 1.9.1 wrote host URLs containing embedded credentials into task logs, potentially exposing them to unauthorized users with task-log read permission (CVE-2026-43826).

Airflow Providers OpenSearch credential-leak airflow opensearch

2r May 10, 2026