8 matches found
Apache Airflow < 3.2.0 Multiple Vulnerabilities
The version of Apache Airflow installed on the remote host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities, including: - DAG authors who normally should not be able to execute code in the webserver context can craft an XCom payload causing the webserver to execute...
CVE-2026-32228
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
GHSA-H97W-PM3W-MWMC Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
CVE-2026-32228
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
EUVD-2026-23664
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
CVE-2026-32228
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
PT-2026-33594
Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.2.0 Description A user with asset materialize permission via the UI or API can trigger DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to run, organized in a way that reflects their...