Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.12 views

CVE-2026-33858

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS5.9AI score0.00592EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.16 views

PT-2026-45371

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A bug in the XCom PATCH endpoint "PATCH /api/v2/xcomEntries/key" allows an authenticated UI/API user with XCom write permission on a Dag to set XCom entries using reserved key names, such as...

8.8CVSS5.7AI score0.0055EPSS
Exploits0References8
vulnersOsv
vulnersOsv
added 2026/04/13 4:12 p.m.6 views

airflow-clickhouse-plug (=1.6.2), airflow-clickhouse-plugin (=1.6.0) +19 more potentially affected by CVE-2026-33858 via apache-airflow-core (>=3.1.8 <=3.2.0b2)

apache-airflow-core PYPI version =3.1.8, =0.6.0, =0.2.0, =3.1.8, =1.0.2, =0.0.13, =10.13.0, =1.1.8, =0.0.4, =0.1.0, =12.9.0, =7.1.0, =1.15.20, =1.2.4, =1.6.6rc1 and more Source cves: CVE-2026-33858 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16032065...

8.8CVSS5.7AI score0.00592EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/13 3:31 p.m.6 views

airflow-clickhouse-plug (=1.6.2), airflow-clickhouse-plugin (=1.6.0) +19 more potentially affected by CVE-2026-33858 via apache-airflow (=3.1.8)

apache-airflow PYPI version =3.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - airflow-clickhouse-plug =1.6.2 - airflow-clickhouse-plugin =1.6.0 - airflow-dbt-winwin =0.6.0, =0.2.0, =1.0.2, =0.0.13, =10.13.0,...

8.8CVSS5.7AI score0.00592EPSS
Exploits0
Rows per page
Query Builder