Lucene search
K

8 matches found

NVD
NVD
added 5 hours ago5 views

CVE-2026-48828

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 hours ago3 views

CVE-2026-48828

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 6 hours ago7 views

CVE-2026-48828 Apache Airflow: Bulk JSON Variables bypass should_hide_value_for_key - redact() called without the key

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

Exploits0References2
EUVD
EUVD
added 6 hours ago6 views

EUVD-2026-42028

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS6AI score
Exploits0References2
CVE
CVE
added 6 hours ago7 views

CVE-2026-48828

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based shouldhidevalueforkey check which triggers on secret-suffixed key names like password / token / secret could not fire for JSON-decodable variable values. An authenticated UI/API user...

6.5CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/04/18 7:16 a.m.5 views

CVE-2026-32690

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

3.7CVSS0.00421EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/18 6:22 a.m.7 views

CVE-2026-32690 Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

5.8AI score0.00421EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/18 6:22 a.m.5 views

CVE-2026-32690

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

5.8AI score0.00421EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder