Vulners
Lucene search
| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
 | CVE-2026-42359 | 1 Jun 202607:49 | – | attackerkb |
 | CVE-2026-42359 | 31 May 202613:22 | – | circl |
 | Apache Airflow 安全漏洞 | 1 Jun 202600:00 | – | cnnvd |
 | CVE-2026-42359 Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator | 1 Jun 202607:49 | – | cvelist |
 | EUVD-2026-33588 | 1 Jun 202607:49 | – | euvd |
 | CVE-2026-42359 | 1 Jun 202609:16 | – | nvd |
 | BIT-AIRFLOW-2026-42359 Apache Airflow: Authenticated RCE via XCom PATCH endpoint — XComUpdateBody missing FORBIDDEN_XCOM_KEYS validator | 5 Jun 202605:40 | – | osv |
| PYSEC-2026-185 | 1 Jun 202609:16 | – | osv |
 | PT-2026-45371 | 1 Jun 202600:00 | – | ptsecurity |
 | PYSEC-0000-CVE-2026-42359 | 1 Jun 202609:16 | – | pypa |
10
[
{
"collectionURL": "https://pypi.python.org",
"defaultStatus": "unaffected",
"packageName": "apache-airflow",
"product": "Apache Airflow",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.2.2",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
}
]
}
]| Parameter | Position | Path | Description | CWE |
|---|---|---|---|---|
| key | path | api/v2/xcomEntries/{key} | PATCH endpoint allowing XCom entries to be written under reserved keys (e.g., return_value) via authenticated PATCH on /api/v2/xcomEntries/{key} with bypass of FORBIDDEN_XCOM_KEYS; enables potential RCE when deserialized payloads are executed by triggerer. | CWE-502 |
| payload | request body | api/v2/xcomEntries/{key} | Request body may carry serialized payload shapes that trigger deserializer to execute code, enabling RCE when the affected task defers. | CWE-502 |
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
17 Jun 2026 10:47Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.18.8
EPSS0.0055
SSVC