Lucene search
K

2070 matches found

Nuclei
Nuclei
added 2 days ago114 views

Apache Airflow <=1.10.10 - Remote Code Execution

Apache Airflow versions 1.10.10 and below are vulnerable to remote code/command injection vulnerabilities in one of the example DAGs shipped with Airflow. This could allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler depending on the executor in us...

8.8CVSS7.2AI score0.99118EPSS
Exploits9References5
OSV
OSV
added 6 days ago5 views

PYSEC-2026-1145 Apache Airflow Common SQL Provider Vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Apache Airflow Common SQL Provider. When using the partition clause in SQLTableCheckOperator as parameter which was a recommended pattern, Authenticated UI User could inject arbitrary SQL command...

8.8CVSS6.2AI score0.00833EPSS
Exploits0References10
OSV
OSV
added 6 days ago3 views

PYSEC-2026-1137 apache-airflow-providers-apache-drill Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read fil...

8.7CVSS6.7AI score0.01776EPSS
Exploits0References10
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1139 Apache Airflow Apache Hive Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider. Patching on top of CVE-2023-35797 Before 6.1.2 the proxyuser option can also inject semicolon. This issue affects Apache Airflow Apache Hive Provider: before 6.1.2. It is recommended updatin...

8.8CVSS7.1AI score0.01151EPSS
Exploits0References6
OSV
OSV
added 6 days ago5 views

PYSEC-2026-1152 Apache Airflow ODBC Provider Argument Injection vulnerability

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulnerability exists in a system due to controllable ODBC driver parameters that allow the loading of...

7.8CVSS7.2AI score0.0075EPSS
Exploits0References7
OSV
OSV
added 6 days ago4 views

PYSEC-2026-1140 Apache Airflow Spark Provider vulnerable to improper input validation

Apache Software Foundation Apache Airflow Spark Provider before 4.0.1 is vulnerable to improper input validation because the host and schema of JDBC Hook can contain / and ? which is used to denote the end of the field...

7.5CVSS7.1AI score0.02152EPSS
Exploits0References7
OSV
OSV
added 6 days ago3 views

PYSEC-2026-1136 Apache Airflow Drill Provider vulnerable to improper input validation

Apache Software Foundation's Apache Airflow Drill Provider before 2.3.2 is vulnerable to improper input validation because the host passed in drill connection is not sanitized...

8.7CVSS7.1AI score0.02062EPSS
Exploits0References10
OSV
OSV
added 6 days ago4 views

PYSEC-2026-774 Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

7.5CVSS5.9AI score0.01826EPSS
Exploits0References6
OSV
OSV
added 6 days ago4 views

PYSEC-2026-771 Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information

Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1...

7.5CVSS5.9AI score0.01499EPSS
Exploits0References6
OSV
OSV
added 6 days ago4 views

PYSEC-2026-772 OS Command Injection in Apache Airflow

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider...

7.8CVSS6.2AI score0.01753EPSS
Exploits0References6
NVD
NVD
added 6 days ago10 views

CVE-2026-48891

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS0.00636EPSS
Exploits0References3
NVD
NVD
added 6 days ago10 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS0.00664EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-49487 Apache Airflow: Task-instance API exposes secrets in deferred trigger kwargs

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

0.00664EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago10 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-48828 Apache Airflow: Bulk JSON Variables bypass should_hide_value_for_key - redact() called without the key

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

0.00664EPSS
Exploits0References2
CVE
CVE
added 6 days ago15 views

CVE-2026-48828

The CVE-2026-48828 issue affects Apache Airflow’s Bulk Variables API: the redactor was invoked without passing the variable key, so the key-based should_hide_value_for_key check (triggered by secret-suffixed keys like *_password, *_token, *_secret) could not redact JSON-typed variable values. An ...

6.5CVSS6AI score0.00664EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42027

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-49296

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42025

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-48891

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with...

4.3CVSS6AI score0.00636EPSS
Exploits0References4
Rows per page
Query Builder