13 matches found
CVE-2026-46745 Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...
CVE-2026-46745 Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...
PT-2026-43033
Name of the Vulnerable Software and Affected Versions: apache-airflow-providers-fab versions prior to 3.6.4. Description: Apache Airflow FAB Auth Manager is subject to an LDAP filter injection, which occurs when user-supplied input is improperly sanitized before being used in an LDAP filter. This...
CVE-2024-45033
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...
CVE-2024-42447
Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 when used with Apache Airflow 2.9.3 and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. FAB provider 1.2.1 only affected...
The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios in Apache Airflow, stems from incorrect session duration settings. This allows attackers to maintain a session in the system.
The vulnerability of the Apache Airflow Fab Provider software, which is used for creating, monitoring, and orchestrating data processing scenarios, is related to incorrect session duration settings. Exploiting this vulnerability allows a malicious actor to maintain a session on the system...
apache-airflow (=2.9.0b2), apache-airflow-providers-common-compat (>=1.0.0 <=1.6.0b1) potentially affected by CVE-2024-45033 via apache-airflow-providers-fab (>=1.0.2b0 <=1.4.1)
apache-airflow-providers-fab PYPI version =1.0.2b0, =1.0.0, =1.6.0b1; Source cves: CVE-2024-45033; Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSFAB-8603622...
apache-airflow (=2.9.0b2), apache-airflow-providers-common-compat (>=1.0.0 <=1.6.0b1) potentially affected by CVE-2024-45033 via apache-airflow-providers-fab (>=1.0.2b0 <=1.4.1)
apache-airflow-providers-fab PYPI version =1.0.2b0, =1.0.0, =1.6.0b1; Source cves: CVE-2024-45033; Source advisory: OSV:GHSA-8863-4QMG-FR45...
GHSA-8863-4QMG-FR45 Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...
CVE-2024-45033
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...
CVE-2024-45033
CVE-2024-45033 affects Apache Airflow Fab Provider prior to 1.5.2. The root cause is insufficient session expiration: after a user’s password is changed via the admin CLI, the user’s existing sessions are not cleared, allowing continued access even after password changes. This issue is CLI-specif...
CVE-2024-45033 Apache Airflow Fab Provider: Application does not invalidate session after password change via Airflow cli
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged...