Lucene search
K

561 matches found

OSV
OSV
added 2026/06/01 9:16 a.m.8 views

PYSEC-2026-183

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

7.5CVSS5.8AI score0.00458EPSS
Exploits0References4
PyPA
PyPA
added 2026/06/01 9:16 a.m.25 views

PYSEC-2026-181

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/01 7:54 a.m.3 views

CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS6AI score0.00459EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/01 7:54 a.m.13 views

EUVD-2026-33596

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS5.8AI score0.00459EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 7:54 a.m.28 views

CVE-2026-40963

The CVE-2026-40963 issue affects the Apache Airflow UI’s /ui/structure/structure_data endpoint. It allows an authenticated user with access to one Dag to enumerate dependency graph nodes and related metadata for other Dags for which they lack read permissions, leaking topology across teams when p...

3.1CVSS5.8AI score0.00459EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 7:53 a.m.12 views

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

5.8AI score0.00352EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:53 a.m.12 views

EUVD-2026-33595

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

5.8AI score0.00352EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:53 a.m.9 views

CVE-2026-41014

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

5.8AI score0.00352EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:53 a.m.38 views

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

0.00352EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 7:53 a.m.5 views

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS6AI score0.00352EPSS
Exploits0References6
CVE
CVE
added 2026/06/01 7:53 a.m.30 views

CVE-2026-41014

Apache Airflow vulnerability CVE-2026-41014 affects the partitioned_dag_runs endpoints in the UI. The issue arises from enforcing only asset-level access control, enabling an authenticated UI/API user with global Asset:read permission to enumerate partition run state, schedule configuration, and ...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/01 7:51 a.m.17 views

EUVD-2026-33592

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

5.8AI score0.00458EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:51 a.m.10 views

CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

5.8AI score0.00458EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/01 7:51 a.m.3 views

CVE-2026-41084 Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

7.5CVSS6AI score0.00458EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/01 7:51 a.m.12 views

CVE-2026-41084 Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

5.8AI score0.00458EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 7:51 a.m.26 views

CVE-2026-41084

CVE-2026-41084: Apache Airflow bug in the bulk Task Instances API (PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances) evaluated authorization from the URL dag_id while operating on dag_id/dag_run_id from the request body. An authenticated user with edit permission on one Dag c...

7.5CVSS5.8AI score0.00458EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 7:51 a.m.9 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

5.8AI score0.00369EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:51 a.m.9 views

CVE-2026-42252

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

9.8CVSS5.8AI score0.00797EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:51 a.m.41 views

CVE-2026-42252 Apache Airflow: BashOperator Jinja2 injection via dag_run.conf — low-privilege user pattern

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

0.00369EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:51 a.m.18 views

EUVD-2026-33591

Apache Airflow's official documentation at core-concepts/dag-run.html "Passing Parameters when triggering Dags" showed a verbatim BashOperatorbashcommand="echo value: dagrun.conf'conf1' " example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into...

5.8AI score0.00369EPSS
Exploits0References2
Rows per page
Query Builder