Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.10 views

CVE-2026-40963

The structuredata endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency metadata for other...

3.1CVSS5.5AI score0.00459EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:40 a.m.9 views

BIT-AIRFLOW-2026-45426 Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's str.lstrip to the requested path segment when verifying the JWT's sub...

3.1CVSS5.5AI score0.00344EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.12 views

CVE-2026-46764

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References1
PyPA
PyPA
added 2026/06/01 9:16 a.m.8 views

PYSEC-0000-CVE-2026-41014

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/01 9:16 a.m.7 views

PYSEC-0000-CVE-2026-41084

A bug in Apache Airflow's bulk Task Instances API PATCH/DELETE /api/v2/dags/dagid/dagRuns/dagrunid/taskInstances evaluated authorization against the dagid resolved from the URL path while operating on the dagid / dagrunid extracted from request-body entity fields. An authenticated UI/API user wit...

7.5CVSS5.8AI score0.00458EPSS
Exploits0References3Affected Software1
PyPA
PyPA
added 2026/06/01 9:16 a.m.11 views

PYSEC-2026-182

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:53 a.m.35 views

CVE-2026-41014 Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

The partitioneddagruns endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they were not authorized to...

0.00352EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:45 a.m.10 views

EUVD-2026-33584

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS5.8AI score0.00352EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 7:34 a.m.32 views

CVE-2026-49298 Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

0.00488EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.5 views

CVE-2026-25917

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

7.2CVSS6AI score0.00822EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.10 views

CVE-2026-32690

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to...

3.7CVSS5.8AI score0.00421EPSS
Exploits0References1
OSV
OSV
added 2026/04/18 8:37 a.m.5 views

BIT-AIRFLOW-2026-31987 Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue...

7.5CVSS5.7AI score0.00739EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/18 6:19 a.m.2 views

CVE-2026-32228 Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...

5.7AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.5 views

PT-2026-33058

Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.1.8 Description The secrets masker failed to mark the access key and connection string connection properties as sensitive. This allows users with read permissions to view these values in the Connection UI...

6.5CVSS5.8AI score0.00552EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/04/13 2:36 p.m.4 views

CVE-2026-33858

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS6.1AI score0.00592EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/13 2:36 p.m.24 views

CVE-2026-33858 Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

0.00592EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/13 2:20 p.m.24 views

CVE-2025-66236 Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though...

0.00439EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 12:10 p.m.1 views

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration through the logout handler in airflow-core/src/airflow/apifastapi/coreapi/routes/public/auth.py and the token validation path in airflow-core/src/airflow/apifastapi/auth/managers/baseauthmanager.py. An...

9.1CVSS5.8AI score0.00667EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 10:54 a.m.3 views

CVE-2026-28563

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...

4.3CVSS5.7AI score0.0044EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/24 10:6 a.m.10 views

CVE-2024-56373

DAG Author who already has quite a lot of permissions could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server server-side as a...

6.7AI score0.01134EPSS
Exploits0References3
Rows per page
Query Builder