CVE-2026-41016 Blast Radius

MEDIUM • CVSS 5.9Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed

Is Your Infrastructure Using These Packages?

EchelonGraph automatically scans your cloud infrastructure and SBOMs to map your exposure to vulnerabilities like CVE-2026-41016.

Start Free Scan →← Back to CVE-2026-41016