Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.7 views

PT-2026-32404

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

6.5CVSS6AI score0.00685EPSS
Exploits0References5
OSV
OSV
added 2026/04/09 9:9 a.m.1 views

CVE-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

6.5CVSS6AI score0.00685EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/09 9:9 a.m.3 views

CVE-2026-34538 Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)

Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security mode...

6AI score0.00685EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Versions of Apache Airflow from 3.0.0 to 3.1.8 contain...

6.5CVSS5.8AI score0.00685EPSS
Exploits0References3
Rows per page
Query Builder