2 matches found
CVE-2026-30911
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...
PT-2026-7102
Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.1.0 through 3.1.6 Description An authorization flaw exists in Apache Airflow that could allow an authenticated user with limited task permissions to view task logs without proper authorization. The issue affects syste...