46 matches found
CVE-2026-49297
Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...
EUVD-2026-39627
The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...
CVE-2026-50203 Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names
A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...
ROOT-APP-PYPI-CVE-2023-25956 CVE-2023-25956 in rootio-apache-airflow-providers-amazon - Patched by Root
Root has patched CVE-2023-25956 in the rootio-apache-airflow-providers-amazon package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-22884 CVE-2023-22884 in rootio-apache-airflow-providers-mysql - Patched by Root
Root has patched CVE-2023-22884 in the rootio-apache-airflow-providers-mysql package for Root:PyPI. Multiple fixed versions available...
CVE-2026-46745
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...
Key Exchange without Entity Authentication
Overview apache-airflow-providers-google is a Provider for Apache Airflow. Implements apache-airflow-providers-google package Affected versions of this package are vulnerable to Key Exchange without Entity Authentication due to SSH host key verification being disabled by default in the...
CVE-2026-46745
The CVE-2026-46745 issue affects the Apache Airflow FAB provider’s FAB Auth Manager, specifically an LDAP filter injection in the _search_ldap path reachable via /auth/token. The vulnerability arises from insufficient input sanitization in LDAP filters, enabling unauthenticated attackers to exfil...
PYSEC-2026-166
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
PYSEC-0000-CVE-2026-45361
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
Incorrect Authorization
Overview apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package Affected versions of this package are vulnerable to Incorrect Authorization in the team-scoping logic. An attacker can access secrets belonging to other teams by crafting ...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview apache-airflow-providers-cncf-kubernetes is a Provider for Apache Airflow. Implements apache-airflow-providers-cncf-kubernetes package Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the exposure of J...
airflow-add-ons (>=0.2.4 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-42526 via apache-airflow-providers-amazon (>=1.4.0 <=9.17.0)
apache-airflow-providers-amazon PYPI version =1.4.0, =0.2.4, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-42526 Source advisory: OSV:GHSA-G9QC-QF28-HHQX...
CVE-2026-42526
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
CVE-2026-42526
The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...
PT-2026-42004
Name of the Vulnerable Software and Affected Versions apache-airflow-providers-amazon versions prior to 9.28.0 Description In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / for example, "my team/conn" to the same pat...
CVE-2026-41018
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
UBUNTU-CVE-2026-43826
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-41018 Apache Airflow Providers Elasticsearch: Elasticsearch task-log handler leaks credentials embedded in the host URL
The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...
CVE-2026-43826 Apache Airflow Providers OpenSearch: OpenSearch task-log handler leaks credentials embedded in the host URL
The OpenSearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...