CVE-2026-43826 — The OpenSearch logging provider, when configured with a `host` URL that embeds credentials (for example `https://user:password@server.example.com:9200`), wrote the full host URL — including the embedd — CVE Database · The Intelligence Room