Lucene search
K

4 matches found

NVD
NVD
added 2026/06/01 9:16 a.m.14 views

CVE-2026-41017

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9CVSS0.00265EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/06/01 9:16 a.m.6 views

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.7.0.1rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +464 more potentially affected by CVE-2026-41017 via apache-airflow-core (>=3.0.0 <=3.2.2)

apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-41017 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-17132622...

5.9CVSS5.7AI score0.00265EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:52 a.m.13 views

CVE-2026-41017

Apache Airflow's JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default...

5.9AI score0.00265EPSS
Exploits0References3Affected Software1
Circl
Circl
added 2026/05/31 12:38 p.m.11 views

CVE-2026-41017

creationtimestamp| type| source ---|---|--- 2026-05-31 12:38:39+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mn5lhr4e5z23...

5.9CVSS5.7AI score0.00265EPSS
Exploits0References1
Rows per page
Query Builder