Lucene search
K

8 matches found

PyPA
PyPA
added 2026/06/01 9:16 a.m.25 views

PYSEC-2026-181

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References4Affected Software1
PyPA
PyPA
added 2026/06/01 9:16 a.m.9 views

PYSEC-0000-CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/01 9:16 a.m.8 views

PYSEC-2026-181

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS5.9AI score0.00665EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 7:55 a.m.14 views

EUVD-2026-33598

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

5.9AI score0.00665EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:55 a.m.9 views

CVE-2026-40861

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

5.9AI score0.00665EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 7:55 a.m.2 views

CVE-2026-40861 Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a taskid containing .. sequences accepted by the Task SDK's KEYREGEX write-path attack, and...

6.5CVSS6AI score0.00665EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45974

A Dag author could either a create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process read-path attack — e.g. /etc/passwd or airflow.cfg or b supply a task id containing .. sequences accepted by the Task SDK's KEY REGEX write-path attack, a...

6.5CVSS5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.15 views

PT-2026-45363

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.2 Description A flaw in the FileTaskHandler allows a DAG author to access or modify files outside the configured base log folder when the worker log folder is shared with the API server. This can be achieve...

6.5CVSS5.5AI score0.00665EPSS
Exploits0References8
Rows per page
Query Builder