Lucene search
K

4 matches found

NVD
NVD
added 4 hours ago6 views

CVE-2026-49297

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

Exploits0References3
CVE
CVE
added 5 hours ago10 views

CVE-2026-49297

The CVE-2026-49297 issue affects Apache Airflow's Google provider, specifically GCSToSFTPOperator and GCSTimeSpanFileTransformOperator. The bug stems from joining GCS object names returned by the bucket listing API directly to a destination filesystem path without normalization or containment che...

6.1AI score
Exploits0References3
Cvelist
Cvelist
added 5 hours ago6 views

CVE-2026-49297 Apache Airflow Google provider: Path traversal via GCS object names → local/SFTP filesystem (GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

Exploits0References2
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-41869

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

6.1AI score
Exploits0References2
Rows per page
Query Builder