Vulners
Lucene search
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
| Reporter | Title | Published | Views | Family All 24 |
|---|---|---|---|---|
 | CVE-2026-28779 | 17 Mar 202610:15 | – | attackerkb |
 | CVE-2026-28779 | 17 Mar 202622:16 | – | circl |
 | Apache Airflow 安全漏洞 | 17 Mar 202600:00 | – | cnnvd |
 | Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15156) | 19 Mar 202600:00 | – | cnvd |
 | CVE-2026-28779 | 17 Mar 202610:15 | – | cve |
 | CVE-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications | 17 Mar 202610:15 | – | cvelist |
 | EUVD-2026-12558 | 17 Mar 202612:30 | – | euvd |
 | CVE-2026-28779 | 17 Mar 202611:16 | – | nvd |
 | BIT-AIRFLOW-2026-28779 Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications | 18 Mar 202608:39 | – | osv |
| GHSA-4FHM-P86V-HWPX Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications | 17 Mar 202612:30 | – | osv |
10
Node
apache-airflowRange3.0.0–3.1.8pip
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
18 Mar 2026 16:32Current
5.8Medium risk
Vulners AI Score5.8
CVSS 3.17.5
EPSS0.00031
SSVC