CVE-2026-41016

Published: Apr 30, 2026 Last Modified: Mag 01, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 5,9
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS upgrade, and capture the SMTP credentials sent during the subsequent `login()` call. Users are advised to upgrade to the `apache-airflow-providers-smtp` version that contains the fix.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 2 Days)

295

Improper Certificate Validation

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Authentication
Potential Impacts:
Bypass Protection Mechanism Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
View CWE Details
Application

Airflow by Apache

Product Information
Vendor Apache
Product Airflow
Version Range Affected
From 2.0.0 (inclusive)
To 3.0.0 (exclusive)
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/apache/airflow/pull/65346
https://github.com/apache/airflow/pull/65346
https://lists.apache.org/thread/gb202qy5r31bgdd3d51d7s5o1jh…
https://lists.apache.org/thread/gb202qy5r31bgdd3d51d7s5o1jh40kc4