Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.11 views

CVE-2026-49818

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 9:16 a.m.13 views

CVE-2026-49818

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS0.00695EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 9:16 a.m.5 views

PYSEC-2026-208

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS5.5AI score0.00695EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/09 9:16 a.m.6 views

PYSEC-2026-208

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

6.5CVSS5.5AI score0.00695EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 7:42 a.m.8 views

CVE-2026-49818 Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

5.6AI score0.00695EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 7:42 a.m.36 views

CVE-2026-49818 Apache Airflow Samba provider: Path traversal in GCSToSambaOperator via GCS object names

The Apache Airflow Samba provider's GCSToSambaOperator joined GCS object names to the SMB destination path without a containment check, so an object named with ../ segments resolved a write path outside the configured destinationpath. An attacker able to write objects into the source GCS bucket —...

0.00695EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.13 views

Apache Airflow 路径遍历漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. There is a path traversal vulnerability in the Apache...

6.5CVSS5.4AI score0.00695EPSS
Exploits0References2
Rows per page
Query Builder