PT-2026-7823

CVE-2026-25976 - Apache HTTP Server Denial of Service CVE ID : CVE-2026-25976 Published : 2026年2月10日 05:16 | 1 小时，59 分钟 ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-7821

CVE-2026-25974 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-25974 Published : 2026年2月10日 05:16 | 1 小时，59 分钟 ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

PT-2026-7826

CVE-2026-25979 - Apache HTTP Server Unvalidated User Input CVE ID : CVE-2026-25979 Published : 2026年2月10日 05:16 | 1 小时，59 分钟 ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

Linux Distros Unpatched Vulnerability : CVE-2026-23903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Authentication Bypass by Alternate Name vulnerability in Apache Shiro. This issue affects Apache Shiro: before 2.0.7. Users are recommended to upgrade to versio...

apache-airflow-core (>=3.1.0 <=3.1.6), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2026-22922 via apache-airflow (>=3.1.0 <=3.1.6)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0, =7.0.0, =1.15.0, =0.34.0, =1.9.0, =1.37.0, =1.26.0, =1.26.8 and more Source cves: CVE-2026-22922 Source advisory: OSV:GHSA-PM44-X5X7-24C4...

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +155 more potentially affected by CVE-2026-24098 via apache-airflow (>=1.8.2 <=3.1.6)

apache-airflow PYPI version =1.8.2, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.6.4 and more Source cves: CVE-2026-24098 Source advisory: OSV:GHSA-5G2W-9F8G-G5Q7...

cc.eamon.open:auth (=0.0.2), cloud.opencode.base:opencode-base-token (=1.0.0) +885 more potentially affected by CVE-2026-23903 via org.apache.shiro:shiro-spring (>=1.0.0-incubating <=2.0.6)

org.apache.shiro:shiro-spring MAVEN version =1.0.0-incubating, =1.0.0, =1.0.0, =1.0, =1.0, =1.0.3 and more Source cves: CVE-2026-23903 Source advisory: OSV:GHSA-C244-P6M5-VQJ6...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2026-24098 via apache-airflow-core (>=3.0.0 <=3.1.7)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-24098 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15267373...

Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

apache-airflow (>=3.1.0b1 <=3.1.7), apache-airflow-providers-common-compat (>=1.6.0rc1 <=1.7.3rc1) +14 more potentially affected by CVE-2026-22922 via apache-airflow-core (>=3.1.0b1 <=3.1.7)

apache-airflow-core PYPI version =3.1.0b1, =3.1.0b1, =1.6.0rc1, =1.5.3rc1, =1.26.0rc1, =2.0.2rc1, =0.4.0rc1, =1.1.0b1, =12.0.0, =7.0.0, =1.15.0, =0.34.0, =1.9.0, =1.37.0, =1.26.0, =1.26.18rc1 and more Source cves: CVE-2026-22922 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15267374...

GHSA-PM44-X5X7-24C4 Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access

Vulnerability Overview An authorization bypass vulnerability exists in Apache Airflow that allows authenticated users to access task execution logs without the required permissions. The Flaw The vulnerability affects environments using custom roles or granular permission settings. Normally, Airfl...

GHSA-C244-P6M5-VQJ6 Apache Shiro has an Authentication Bypass

Impact Authentication Bypass: A vulnerability exists in Apache Shiro that allows authentication bypass for static files when served from a case-insensitive filesystem such as the default configuration on macOS or Windows. The issue arises when Shiro's URL filters are configured with lower-case...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2026-24098 via apache-airflow (>=3.0.0 <=3.1.6)

apache-airflow PYPI version =3.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =2.0.2, =2.3.0rc1 and more Source cves: CVE-2026-24098 Source advisory: OSV:PYSEC-2026-12...

CVE-2026-24098

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

CVE-2026-24098

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

PYSEC-2026-11

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

CVE-2026-22922

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

PYSEC-2026-11

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

CVE-2026-24098 Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...

CVE-2026-24098

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue...