CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

15 matches found

CVE-2026-42252

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.1CVSS5.8AI score0.00051EPSS

Exploits0References1

OSV•added 3 days ago•2 views

PYSEC-2026-184

9.1CVSS5.8AI score0.00051EPSS

Exploits0References2

NVD•added 3 days ago•8 views

CVE-2026-42252

9.1CVSS0.00051EPSS

Exploits0References2

EUVD•added 3 days ago•6 views

EUVD-2026-33591

5.8AI score0.00051EPSS

Exploits0References2

ATTACKERKB•added 3 days ago•4 views

CVE-2026-42252

9.8CVSS5.8AI score0.00488EPSS

Exploits0References3Affected Software1

Vulnrichment•added 3 days ago•3 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

5.8AI score0.00051EPSS

Exploits0References2

Cvelist•added 3 days ago•32 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

0.00051EPSS

Exploits0References2

CNNVD•added 3 days ago•3 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a security vulnerability in Apache Airflow, whic...

9.1CVSS5.8AI score0.00051EPSS

Exploits0References2

OSV•added 2026/04/21 12:1 p.m.•2 views

BIT-AIRFLOW-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

An example of BashOperator in Airflow documentation suggested a way of passing dagrun.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advi...

8.8CVSS5.9AI score0.00028EPSS

Exploits0References4

NVD•added 2026/04/18 7:16 a.m.•0 views

CVE-2026-30898

8.8CVSS0.00028EPSS

Exploits0References3

Cvelist•added 2026/04/18 6:20 a.m.•31 views

CVE-2026-30898 Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

0.00028EPSS

Exploits0References2

EUVD•added 2026/04/18 6:20 a.m.•2 views

EUVD-2026-23660

5.9AI score0.00028EPSS

Exploits0References2

CVE•added 2026/04/18 6:20 a.m.•25 views

CVE-2026-30898

CVE-2026-30898 concerns Apache Airflow where BashOperator usage documented in DAGs could pass dag_run.conf unsafely, enabling UI user privileges to execute code on workers. The issue arises from an example that could escalate privileges via shell injection-like behavior. The connected OSV entry c...

8.8CVSS5.9AI score0.00028EPSS

Exploits0References3Affected Software1

Positive Technologies•added 2026/04/18 12:0 a.m.•2 views

PT-2026-33592

Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description An example of BashOperator in the documentation suggested a method of passing dag run.conf that allows unsanitized user input to be used. This can lead to a privilege escalation where ...

8.8CVSS5.9AI score0.00028EPSS

Exploits0References7

Veracode•added 2022/11/15 6:46 a.m.•19 views

Arbitrary Code Execution

apacheairflow is vulnerable to arbitrary code execution. The vulnerability exists in example DAGs of examplebashoperator.py which allows an attacker to execute arbitrary commands via the manually provided runid parameter...

8.8CVSS9.1AI score0.93305EPSS

Exploits2References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by