What is the CVSS score of CVE-2026-41018?

CVE-2026-41018 has a CVSS 3.1 base score of 6.5 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. EPSS exploitation probability: 0.0%.

Is there a patch available for CVE-2026-41018?

Yes, a patch is available for CVE-2026-41018. Update the affected software to the latest version immediately.

Apache Airflow Elasticsearch Provider CVE-2026-41018

EUVD-2026-29040 MEDIUM

Insertion of Sensitive Information into Log File (CWE-532)

2026-05-11 apache

GHSA-g3jr-4jrm-jvqv

Apache Information Disclosure Elastic

6.5

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Lifecycle Timeline

Source Code Evidence Fetched

May 11, 2026 - 14:22 vuln.today

Analysis Generated

May 11, 2026 - 14:22 vuln.today

CVSS changed

May 11, 2026 - 14:22 NVD

6.5 (MEDIUM)

CVE Published

May 11, 2026 - 08:21 nvd

UNKNOWN (no severity yet)

CVE Published

May 11, 2026 - 08:21 nvd

MEDIUM 6.5

DescriptionNVD

The Elasticsearch logging provider, when configured with a host URL that embeds credentials (for example https://user:password@server.example.com:9200), wrote the full host URL - including the embedded credentials - into task logs. Any user with task-log read permission could harvest the backend credentials. Users are advised to upgrade to apache-airflow-providers-elasticsearch 6.5.3 or later and, as a defense-in-depth measure, configure the backend credentials via a secret backend rather than embedding them in the [elasticsearch] host URL.

AnalysisAI

Apache Airflow Elasticsearch provider writes embedded credentials from the [elasticsearch] host configuration URL directly into task logs, allowing any user with task-log read permissions to harvest backend authentication credentials. The vulnerability affects Apache Airflow Providers Elasticsearch versions before 6.5.3 and has been patched by stripping userinfo from the host URL before logging. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

More from same product – last 7 days

CVE-2025-48977 HIGH This Week

8.5 May 28

Path traversal in Apache Ignite 2.0.0 through 2.17.0 lets authenticated REST API users read arbitrary files on the serve

CVE-2026-42398 HIGH This Week

7.7 May 28

Server-side request forgery in Elastic Kibana allows authenticated users holding connector management privileges to bypa

CVE-2026-42782 HIGH This Week

7.2 May 25

Code execution via Groovy sandbox bypass in Apache Syncope 3.0 through 3.0.16, 4.0 through 4.0.5, and 4.1.0 allows a hig

CVE-2026-33464 MEDIUM This Month

6.5 May 28

Denial of service in Kibana allows any authenticated low-privileged user to render the Kibana service unresponsive for a

CVE-2026-42399 MEDIUM This Month

6.5 May 28

Denial of service in Elastic Kibana allows an authenticated low-privileged user to crash the Kibana service and deny acc

CVE-2026-41018 vulnerability details – vuln.today

Back

Apache Airflow Elasticsearch Provider CVE-2026-41018

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

More from same product – last 7 days

Share

External POC / Exploit Code