Linux Distros Unpatched Vulnerability : CVE-2026-43826

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the fu...

Insertion of Sensitive Information into Log File

Overview apache-airflow-providers-opensearch is a Provider package apache-airflow-providers-opensearch for Apache Airflow Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the grouplogsbyhost method in ostaskhandler.py. An attacker can expose...

GHSA-XCCP-97WP-3GJG Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

UBUNTU-CVE-2026-43826

The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...