{"vulnerability": "cve-2026-4101", "sightings": [{"uuid": "32af1362-4195-4f57-ac53-977a97162a78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-4101", "type": "seen", "source": "https://www.acn.gov.it/portale/w/ibm-risolte-vulnerabilita-in-verify-identity-access-e-security-verify-access", "content": "", "creation_timestamp": "2026-04-02T12:37:21.000000Z"}, {"uuid": "d67cf19d-0dd1-4605-ba2f-93a5d0e06599", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41018", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mljlsigkot22", "content": "CVE-2026-41018: Apache Airflow Providers Elasticsearch: Elasticsearch task-log handlers leak credentials embedded in the host URL", "creation_timestamp": "2026-05-10T20:26:13.420031Z"}, {"uuid": "ec461623-a223-448e-b4df-ab096ade3235", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4101", "type": "seen", "source": "Telegram/9bl7FEfQKeFpZFPlYLUaNlRChLBL7dB3Syrn3BTLiX1da84", "content": "", "creation_timestamp": "2026-04-01T23:27:43.000000Z"}, {"uuid": "b315d83a-8a4d-430b-8131-f3fe41c2047a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41016", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkppic632k2v", "content": "CVE-2026-41016 - Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider\nCVE ID : CVE-2026-41016\n \n Published : April 30, 2026, 10:16 a.m. | 2\u00a0hours, 2\u00a0minutes ago\n \n Description : Apache Airflow's SMTP provider `SmtpHook` called ...", "creation_timestamp": "2026-04-30T13:22:52.715341Z"}, {"uuid": "0837ef72-4067-45e5-8d0a-1b9094826543", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4101", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mihqtgefr223", "content": "", "creation_timestamp": "2026-04-01T22:35:18.870621Z"}, {"uuid": "c32cd2db-d49c-4ad2-b9d8-6dfaf01ab113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4101", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3miiast75w42c", "content": "", "creation_timestamp": "2026-04-02T03:21:19.054375Z"}, {"uuid": "3accbf4c-5e32-4851-8d99-b45b9088dec8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41015", "type": "seen", "source": "Telegram/RpCSTqHfWBqrKG53EyhvOrMVfWJfX1b8PG9fT94i9MHNW6c", "content": "", "creation_timestamp": "2026-04-16T05:18:09.000000Z"}, {"uuid": "1f47dfea-9984-41cf-8005-b274c7133bd2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41018", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mll3jovpgn2r", "content": "CVE-2026-41018 - Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL\nCVE ID : CVE-2026-41018\n \n Published : May 11, 2026, 9:16 a.m. | 1\u00a0hour, 14\u00a0minutes ago\n \n Description : The Elasticsearch logging provider, when ...", "creation_timestamp": "2026-05-11T10:41:09.321149Z"}, {"uuid": "06cd1caf-cefa-49f8-8b41-e599f9df9a94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41014", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5k2dd5f32j", "content": "CVE-2026-41014: Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints", "creation_timestamp": "2026-05-31T12:13:15.093076Z"}, {"uuid": "3507a0a9-612e-4ec7-af7d-7b8d4784b3e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41017", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5lhr4e5z23", "content": "CVE-2026-41017: Apache Airflow: JWT cookie missing Secure flag in JWTRefreshMiddleware behind HTTPS-terminating proxy", "creation_timestamp": "2026-05-31T12:38:39.479406Z"}]}