apache-airflow-providers-smtp

Source repositories

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2026-49267	Apache Airflow	Med	0.31	5.9	0.00		Jun 1, 2026	Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`. An attacker positioned between the…
CVE-2026-50203	Apache apache-airflow-providers-smtp		0.00	—	—		Jun 17, 2026	A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is…

CVE-2026-49267MedJun 1, 2026
Apache
Airflow
risk 0.31cvss 5.9epss 0.00
Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`. An attacker positioned between the…
CVE-2026-50203Jun 17, 2026
Apache
apache-airflow-providers-smtp
risk 0.00cvss —epss —
A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is…