4 matches found
CVE-2026-40963
The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...
CVE-2026-40963
The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...
CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data
The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...
CVE-2026-40963
creationtimestamp| type| source ---|---|--- 2026-05-31 12:14:16+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5k45qeba2b...