Lucene search
K

4 matches found

NVD
NVD
added 2026/06/01 9:16 a.m.15 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS0.00459EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:54 a.m.9 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00459EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 7:54 a.m.12 views

CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00459EPSS
Exploits0References2
Circl
Circl
added 2026/05/31 12:14 p.m.14 views

CVE-2026-40963

creationtimestamp| type| source ---|---|--- 2026-05-31 12:14:16+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5k45qeba2b...

3.1CVSS5.8AI score0.00459EPSS
Exploits0References1
Rows per page
Query Builder