51 matches found
CVE-2026-59245 Apache Airflow FAB provider: FAB auth manager: a DAG named "DAGs" hijacks the global all-DAGs permission (access_control privilege escalation via resource_name() collision)
In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...
PYSEC-2026-1148 Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider. The FTP hook lacks complete certificate validation in FTPTLS connections, which can potentially be leveraged. Implementing proper certificate validation by passing context=ssl.createdefaultcontext during FTPTLS...
CVE-2026-49297
Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...
EUVD-2026-39627
The Apache Airflow FTP provider's FTPSHook.getconn created an ftplib.FTPTLS connection but never called protp, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using FTPSHook or FTPSFileTransmitOperator to move files over FTPS exposed...
Relative Path Traversal
Overview apache-airflow-providers-sftp is a Provider package apache-airflow-providers-sftp for Apache Airflow Affected versions of this package are vulnerable to Relative Path Traversal via the SFTPHook.retrievedirectory and SFTPHook.retrievedirectoryconcurrently functions. An attacker can cause...
CVE-2026-50203 Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names
A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...
ROOT-APP-PYPI-CVE-2023-25956 CVE-2023-25956 in rootio-apache-airflow-providers-amazon - Patched by Root
Root has patched CVE-2023-25956 in the rootio-apache-airflow-providers-amazon package for Root:PyPI. Multiple fixed versions available...
ROOT-APP-PYPI-CVE-2023-22884 CVE-2023-22884 in rootio-apache-airflow-providers-mysql - Patched by Root
Root has patched CVE-2023-22884 in the rootio-apache-airflow-providers-mysql package for Root:PyPI. Multiple fixed versions available...
CVE-2026-46745
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...
GHSA-G9V5-GJWF-9RWX Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
Key Exchange without Entity Authentication
Overview apache-airflow-providers-google is a Provider for Apache Airflow. Implements apache-airflow-providers-google package Affected versions of this package are vulnerable to Key Exchange without Entity Authentication due to SSH host key verification being disabled by default in the...
CVE-2026-46745
The CVE-2026-46745 issue affects the Apache Airflow FAB provider’s FAB Auth Manager, specifically an LDAP filter injection in the _search_ldap path reachable via /auth/token. The vulnerability arises from insufficient input sanitization in LDAP filters, enabling unauthenticated attackers to exfil...
PYSEC-0000-CVE-2026-45361
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
PYSEC-2026-166
Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...
Incorrect Authorization
Overview apache-airflow-providers-amazon is a Provider for Apache Airflow. Implements apache-airflow-providers-amazon package Affected versions of this package are vulnerable to Incorrect Authorization in the team-scoping logic. An attacker can access secrets belonging to other teams by crafting ...
Insertion of Sensitive Information into Externally-Accessible File or Directory
Overview apache-airflow-providers-cncf-kubernetes is a Provider for Apache Airflow. Implements apache-airflow-providers-cncf-kubernetes package Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the exposure of J...
airflow-add-ons (>=0.2.4 <=0.2.9b2), airflow-aws-shared-secrets (>=0.0.1 <=0.0.5) +11 more potentially affected by CVE-2026-42526 via apache-airflow-providers-amazon (>=1.4.0 <=9.17.0)
apache-airflow-providers-amazon PYPI version =1.4.0, =0.2.4, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.0.3, =0.0.4, =0.0.0, =2.10.3, =14.4.0, =0.0.1, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-42526 Source advisory: OSV:GHSA-G9QC-QF28-HHQX...
CVE-2026-42526
In the AWS Secrets Manager and SSM Parameter Store secrets backends of apache-airflow-providers-amazon prior to 9.28.0, the team-scoping logic could resolve a connid containing a / e.g. "myteam/conn" to the same path as another team's team-scoped secret when the caller had no team context. A...
CVE-2026-42526
The CVE-2026-42526 vulnerability affects apache-airflow-providers-amazon backends for AWS Secrets Manager and SSM Parameter Store prior to 9.28.0. The team-scoping logic could resolve a conn_id containing a slash (for example a_team/conn) to the same path as another team’s secret when the caller ...
PT-2026-42004
Name of the Vulnerable Software and Affected Versions apache-airflow-providers-amazon versions prior to 9.28.0 Description In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / for example, "my team/conn" to the same pat...