3 matches found
Remote Code Execution (RCE)
apacheairflow is vulnerable to remote code execution. The vulnerability is due to insufficient validation in the /api/v2/dagReports API endpoint, which allows an attacker with API access to trigger DAG code execution in the context of the API server when DAG files are present in the deployment...
Execution with Unnecessary Privileges
Overview Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the /api/v2/dagReports endpoint. An attacker can execute arbitrary code in the context of the API server by submitting malicious DAG code through the API. Note: This is only exploitable if the A...
CVE-2025-62402
Summary: The issue CVE-2025-62402 affects Apache Airflow’s API endpoint /api/v2/dagReports. The root cause is that API users could execute Dag Python code in the API server context when the server has access to DAG files, enabling potential arbitrary code execution on the API server. This is desc...