Lucene search
K

108 matches found

Snyk
Snyk
added last week5 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the GET /api/v2/dagSources/dagid endpoint, which returns the entire source file containing multiple DAGs without redacting those the user is not authorized to access. An attacker can...

7.1CVSS6AI score0.00601EPSS
Exploits0References2
OSV
OSV
added last week2 views

CVE-2026-49296 Apache Airflow: Per-DAG read bypass discloses co-located DAGs' source via GET /api/v2/dagSources/{dag_id}

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References6
Cvelist
Cvelist
added last week34 views

CVE-2026-49296 Apache Airflow: Per-DAG read bypass discloses co-located DAGs' source via GET /api/v2/dagSources/{dag_id}

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

0.00601EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-49296

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
CVE
CVE
added last week15 views

CVE-2026-49296

CVE-2026-49296 (Apache Airflow) : Affected versions before 3.3.0 expose the full source of co-located DAGs when reading a single DAG via GET /api/v2/dagSources/{dag_id} or the UI view, bypassing per-DAG read controls. This can disclose multiple DAG sources from the same file to authorized readers...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.7 views

PT-2026-56179

Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0 Description An authorization bypass occurs when a user with permission to read a specific Dag can disclose the source code of other Dags located within the same source file. This issue affects deployments...

6.5CVSS5.9AI score0.00601EPSS
Exploits0References12
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-773 Remote code execution in Apache Airflow Docker's Provider

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above...

8.8CVSS6.3AI score0.01602EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.11 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS5.5AI score0.00459EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 a.m.15 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS0.00459EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 7:54 a.m.12 views

CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00459EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:54 a.m.9 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

5.8AI score0.00459EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/01 7:54 a.m.26 views

CVE-2026-40963

The CVE-2026-40963 issue affects the Apache Airflow UI’s /ui/structure/structure_data endpoint. It allows an authenticated user with access to one Dag to enumerate dependency graph nodes and related metadata for other Dags for which they lack read permissions, leaking topology across teams when p...

3.1CVSS5.8AI score0.00459EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:54 a.m.34 views

CVE-2026-40963 Apache Airflow: DAG authorization bypass on /ui/structure/structure_data

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

0.00459EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:58 p.m.11 views

CVE-2026-42572

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 4:58 p.m.44 views

CVE-2026-42572 Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 4:58 p.m.12 views

EUVD-2026-30339

Hatchet is a platform for orchestrating background tasks, AI agents, and durable workflows at scale. Prior to 0.83.39, a missing authorization directive on the GET /api/v1/stable/dags/tasks endpoint caused Hatchet's tenant-membership check to be skipped for this route. A user authenticated to any...

5.3CVSS5.8AI score0.00181EPSS
Exploits0References1
CVE
CVE
added 2026/05/14 4:58 p.m.21 views

CVE-2026-42572

Hatchet’s CVE-2026-42572 describes a cross-tenant information disclosure in GET /api/v1/stable/dags/tasks due to a missing authorization directive. The underlying cause: the listTasksByDAGIds operation did not declare x-resources: ["tenant"], allowing a user authenticated to one tenant to supply ...

6.5CVSS5.8AI score0.00181EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/24 3:32 p.m.9 views

Insufficient Granularity of Access Control

Overview Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the /ui/dags endpoint, which fails to enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records. An attacker can access sensitive HITL prompts and TaskInstan...

5.3CVSS5.8AI score0.00352EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/24 3:32 p.m.9 views

Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/24 12:36 p.m.2 views

CVE-2026-38743 Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities

The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop HITL and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts including their request parameters and full TaskInstance details for DA...

5.3AI score0.00352EPSS
Exploits0References2
Rows per page
Query Builder