Lucene search
K

31 matches found

CVE
CVE
added yesterday14 views

CVE-2026-59245

The CVE affects Apache Airflow FAB provider: FAB auth manager. A DAG with dag_id/DAGs collides with the global all-DAGs permission name produced by resource_name(), causing a per-DAG access_control grant on that DAG to silently confer the global all-DAGs permission. This yields privilege escalati...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
NVD
NVD
added last week12 views

CVE-2026-49296

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS0.00601EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/07 9:19 a.m.5 views

EUVD-2026-42029

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.10 views

CVE-2026-38743

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS5.4AI score0.00352EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:40 a.m.10 views

BIT-AIRFLOW-2026-45426 Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's str.lstrip to the requested path segment when verifying the JWT's sub...

3.1CVSS5.5AI score0.00344EPSS
Exploits0References4
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS5.5AI score0.00352EPSS
Exploits0References4
NVD
NVD
added 2026/06/01 9:16 a.m.67 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS0.00352EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/01 9:16 a.m.12 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the str.lstrip function used for validating JWT tokens against Dag IDs. An attacker can gain unauthorized access to other Dags' log data by crafting JWT tokens that exploit character overlap in Dag names. Note...

3.1CVSS5.8AI score0.00344EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/01 9:16 a.m.11 views

PYSEC-0000-CVE-2026-41014

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/01 7:53 a.m.12 views

EUVD-2026-33595

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

5.8AI score0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 7:53 a.m.5 views

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS6AI score0.00352EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/24 3:32 p.m.9 views

Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/04/24 3:32 p.m.9 views

GHSA-P3V3-229H-MC63 Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References6
NVD
NVD
added 2026/04/24 1:16 p.m.11 views

CVE-2026-38743

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS0.00352EPSS
Exploits0References3
CVE
CVE
added 2026/04/24 12:36 p.m.27 views

CVE-2026-38743

The CVE-2026-38743 issue affects Apache Airflow’s authenticated /ui/dags endpoint, where per-DAG access control was not enforced for embedded HITL prompts and TaskInstance records. A user with read access to any DAG could access HITL prompts (including request parameters) and full TaskInstance de...

4.3CVSS5.3AI score0.00352EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 12:36 p.m.31 views

CVE-2026-38743 Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 12:36 p.m.4 views

CVE-2026-38743 Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS5.9AI score0.00352EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-34876

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS5.3AI score0.00352EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/18 9:30 a.m.6 views

Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

7.5CVSS5.7AI score0.00426EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/18 6:19 a.m.25 views

CVE-2026-32228

CVE-2026-32228 affects Apache Airflow. A UI/API user with asset materialize permission could trigger DAGs to which they have no access. The public description consistently notes that upgrading to Airflow v3.2.0 fixes the issue. No exploitation status or in-the-wild details are provided in the sup...

7.5CVSS5.7AI score0.00426EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder