3 matches found
CVE-2026-49297
The CVE-2026-49297 issue affects Apache Airflow's Google provider, specifically GCSToSFTPOperator and GCSTimeSpanFileTransformOperator. The bug stems from joining GCS object names returned by the bucket listing API directly to a destination filesystem path without normalization or containment che...
CVE-2026-49297 Apache Airflow Google provider: Path traversal via GCS object names → local/SFTP filesystem (GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)
Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...
CVE-2026-49818 Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names
The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...