Skip to main content
Loading…
    CVE-2026-41016 — Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle b — CVE Database · The Intelligence Room