Incorrect Resource Transfer Between Spheres

Overview apache-airflow-providers-edge3 is a Provider package apache-airflow-providers-edge3 for Apache Airflow Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via the Edge3 Worker RPC. An attacker can execute arbitrary code in the web-server contex...

EUVD-2025-203888

Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context...

GHSA-66H8-3G48-6HX8 Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...

Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...

CVE-2025-67895

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

PYSEC-2025-87

Edge3 Worker RPC RCE on Airflow 2.This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configure...

PYSEC-2025-87

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

CVE-2025-67895 Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

CVE-2025-67895 Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

CVE-2025-67895

CVE-2025-67895 describes an RCE in Airflow via the Edge3 Worker RPC when the Edge3 provider is installed and configured on Airflow 2 (before 2.0.0). The issue arises from a non-public API used during development that Dag authors could exploit to execute code in the webserver context. Publicly rel...

PT-2025-51824

Name of the Vulnerable Software and Affected Versions Apache Airflow Providers Edge3 versions prior to 2.0.0 Description The Edge3 provider for Apache Airflow 2 contains an issue that allows a Dag author to perform Remote Code Execution RCE in the webserver context through a non-public API. This...