5 matches found
Remote Code Execution (RCE)
Apache Airflow is vulnerable to Remote Code ExecutionRCE. The vulnerability is due to improper validation in the /api/v2/dagReports endpoint, which allows an attacker to execute DAG code in the context of the API server when DAG files are accessible in the deployment environment...
CVE-2025-62402
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
GHSA-273C-4G26-4JPM Apache Airflow `/api/v2/dagReports` executes DAG Python in API
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
Apache Airflow `/api/v2/dagReports` executes DAG Python in API
API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...
CVE-2025-62402
Summary: The issue CVE-2025-62402 affects Apache Airflow’s API endpoint /api/v2/dagReports. The root cause is that API users could execute Dag Python code in the API server context when the server has access to DAG files, enabling potential arbitrary code execution on the API server. This is desc...