Lucene search
K

5 matches found

Veracode
Veracode
added 2026/02/23 8:5 a.m.7 views

Remote Code Execution (RCE)

Apache Airflow is vulnerable to Remote Code ExecutionRCE. The vulnerability is due to improper validation in the /api/v2/dagReports endpoint, which allows an attacker to execute DAG code in the context of the API server when DAG files are accessible in the deployment environment...

5.4CVSS5.8AI score0.00476EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2025/10/31 10:10 a.m.18 views

CVE-2025-62402

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS7.6AI score0.00476EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 12:31 p.m.3 views

GHSA-273C-4G26-4JPM Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS6.3AI score0.00476EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 p.m.8 views

Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS7.7AI score0.00476EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2025/10/30 9:14 a.m.55 views

CVE-2025-62402

Summary: The issue CVE-2025-62402 affects Apache Airflow’s API endpoint /api/v2/dagReports. The root cause is that API users could execute Dag Python code in the API server context when the server has access to DAG files, enabling potential arbitrary code execution on the API server. This is desc...

5.4CVSS7.2AI score0.00476EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder