Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/02/10 1:23 p.m.3 views

CVE-2026-24098

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

6.5CVSS5.8AI score0.00739EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/02/09 12:30 p.m.5 views

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +156 more potentially affected by CVE-2026-24098 via apache-airflow (>=1.8.2 <=3.1.6)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.6.4 and more Source cves: CVE-2026-24098 Source advisory: OSV:GHSA-5G2W-9F8G-G5Q7...

6.5CVSS5.7AI score0.00739EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/02/09 12:30 p.m.8 views

Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users

Impact Exposure of Sensitive Information: An information disclosure vulnerability exists in the Apache Airflow UI that allows authenticated users to view Import Errors for DAGs they are not authorized to access. In affected versions, the Import Errors view does not correctly filter errors based o...

6.5CVSS5.7AI score0.00739EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/02/09 11:16 a.m.4 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +29 more potentially affected by CVE-2026-24098 via apache-airflow (>=3.0.0 <=3.1.6)

apache-airflow PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-24098 Source advisory: OSV:PYSEC-2026-12...

6.5CVSS5.7AI score0.00739EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/02/09 10:32 a.m.5 views

CVE-2026-24098

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

6.5CVSS5.8AI score0.00739EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder