Is apache-airflow-providers-opensearch affected by CVE-2026-43826?

PyPI apache-airflow-providers-opensearch is affected in <1.9.1.

Is CVE-2026-43826 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

medium

CVE-2026-43826

Q: Is CVE-2026-43826 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.4%.

PyPI · apache-airflow-providers-opensearch

Summary

Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL

Severity: medium
EPSS: 0.4% (p33)
Also known as: GHSA-xccp-97wp-3gjg, PYSEC-2026-23
Published: 2026-05-11

References

https://nvd.nist.gov/vuln/detail/CVE-2026-43826
https://github.com/apache/airflow/pull/65509
https://github.com/apache/airflow/commit/6a6b6ff409fb48c28bd63482828632a3c5a5bb93

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.