Apache Apache-airflow-providers-ftp — known CVE vulnerabilities
Every CVE whose affected-product data names Apache Apache-airflow-providers-ftp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-49486 — CVSS 7.5 (high): The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the…
CVE-2024-29733 — CVSS 2.7 (low): Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTP_TLS…