Tag
The OpenSearch logging provider in Apache Airflow Providers OpenSearch versions before 1.9.1 wrote host URLs containing embedded credentials into task logs, potentially exposing them to unauthorized users with task-log read permission (CVE-2026-43826).