Known Vulnerabilities for Apache Airflow FAB Provider by Apache Software Foundation
Listed below are 5 of the newest known vulnerabilities associated with "Apache Airflow FAB Provider" by "Apache Software Foundation".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46745 json | Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attacker... | Not Provided | 2026-05-25 | 2026-05-26 |
| CVE-2026-43826 json | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:passwor... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-41018 json | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:pass... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-41016 json | Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate... | Not Provided | 2026-04-30 | 2026-04-30 |
| CVE-2026-32794 json | Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certi... | Not Provided | 2026-03-30 | 2026-03-31 |