Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/18 6:19 a.m.3 views

CVE-2026-32228 Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

5.7AI score0.00426EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 2:36 p.m.27 views

CVE-2026-33858 Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

0.00592EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 2:36 p.m.4 views

CVE-2026-33858

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS6.1AI score0.00592EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 2:20 p.m.26 views

CVE-2025-66236 Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

0.00439EPSS
Exploits0References2
Rows per page
Query Builder