
8 matches found

NVD
added 2026/06/01 9:16 a.m. | 18 views

CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

CVSS 7.5 | EPSS 0.00458
Exploits: 0 | References: 3

GitHub Security Blog
added 2026/04/24 3:32 p.m. | 8 views

Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are...

CVSS 4.3 | AI score 5.8 | EPSS 0.00352
Exploits: 0 | References: 6 | Affected Software: 1

GitHub Security Blog
added 2026/02/09 12:30 p.m. | 8 views

Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users

Impact Exposure of Sensitive Information: An information disclosure vulnerability exists in the Apache Airflow UI that allows authenticated users to view Import Errors for DAGs they are not authorized to access. In affected versions, the Import Errors view does not correctly filter errors based o...

CVSS 6.5 | AI score 5.7 | EPSS 0.00739
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2026/02/09 11:16 a.m. | 3 views

CVE-2026-24098

Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/09 10:32 a.m. | 2 views

CVE-2026-24098 Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

AI score 5.8 | EPSS 0.00739
Exploits: 0 | References: 2

Cvelist
added 2026/02/09 10:32 a.m. | 30 views

CVE-2026-24098 Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

EPSS 0.00739
Exploits: 0 | References: 2

CVE
added 2026/02/09 10:32 a.m. | 15 views

CVE-2026-24098

CVE-2026-24098 affects Apache Airflow versions before 3.1.7. Authenticated UI users with permission to one or more Dags can view import errors generated by other Dags they should not access. The issue is remedied by upgrading to Airflow 3.1.7 or later; no further exploit details are provided in t...

CVSS 6.5 | AI score 5.8 | EPSS 0.00739
Exploits: 0 | References: 3 | Affected Software: 1

PyPA
added 2023/12/21 10:15 a.m. | 5 views

PYSEC-2023-265

Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to...

CVSS 6.5 | AI score 6.5 | EPSS 0.018
Exploits: 0 | References: 6 | Affected Software: 1