Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.10 views

PT-2026-56177

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.3.0 Description A bug in the /ui/dependencies scheduling graph endpoint allows an authenticated UI user with read permissions on some Dags to enumerate identifiers of other Dags they are not authorized to rea...

4.3CVSS6.1AI score0.00636EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2026/03/17 12:30 p.m.12 views

Apache Airflow: DAG authorization bypass

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...

4.3CVSS5.7AI score0.0044EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/03/17 12:30 p.m.4 views

EUVD-2026-12564

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...

4.3CVSS5.7AI score0.0044EPSS
Exploits0References3
OSV
OSV
added 2026/03/17 12:30 p.m.7 views

GHSA-X3FV-96QH-67M7 Apache Airflow: DAG authorization bypass

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...

4.3CVSS5.8AI score0.0044EPSS
Exploits0References6
CVE
CVE
added 2026/03/17 10:54 a.m.30 views

CVE-2026-28563

CVE-2026-28563 affects Apache Airflow, versions 3.1.0–3.1.7. The /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs, allowing an authenticated user with only the DAG Dependencies permission to enumerate DAGs they are not authorized to view. Roo...

4.3CVSS5.7AI score0.0044EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/17 10:54 a.m.3 views

CVE-2026-28563

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...

4.3CVSS5.7AI score0.0044EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/17 10:54 a.m.36 views

CVE-2026-28563 Apache Airflow: DAG authorization bypass

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...

0.0044EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.4 views

PT-2026-25892

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.1.0 through 3.1.7 Description The /ui/dependencies endpoint in Apache Airflow returns the complete DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG...

4.3CVSS5.9AI score0.0044EPSS
Exploits0References28
Rows per page
Query Builder