Known Vulnerabilities for Apache-airflow-providers-fab by Apache
Listed below are 1 of the newest known vulnerabilities associated with "Apache-airflow-providers-fab" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-46745 json | Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attacker... | Not Provided | 2026-05-25 | 2026-05-26 |
| CVE-2026-45361 json | Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic ... | Not Provided | 2026-05-25 | 2026-05-26 |
| CVE-2026-43826 json | The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:passwor... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-42526 json | In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the... | Not Provided | 2026-05-19 | 2026-05-19 |
| CVE-2026-41018 json | The Elasticsearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:pass... | Not Provided | 2026-05-11 | 2026-05-11 |
| CVE-2026-41016 json | Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate... | Not Provided | 2026-04-30 | 2026-04-30 |
| CVE-2026-40948 json | The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state`... | Not Provided | 2026-04-18 | 2026-04-20 |