Lucene search
K

6 matches found

OSV
OSV
added 2026/06/05 5:40 a.m.6 views

BIT-AIRFLOW-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.4AI score0.00335EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 7:49 a.m.8 views

CVE-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

5.8AI score0.00335EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/01 7:49 a.m.39 views

CVE-2026-42358 Apache Airflow: Variable masker depth-limit bypass returns cleartext nested secrets

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 7:49 a.m.17 views

CVE-2026-42358

Summary (CVE-2026-42358): In Apache Airflow, the Variable response masker can bypass nested-key redaction when JSON values are deeply nested. Keys ending with secret-like suffixes (password, token, secret, api_key) could have their plaintext values exposed if nesting depth exceeds the masker's re...

6.5CVSS5.8AI score0.00335EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:49 a.m.12 views

CVE-2026-42358

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

3.7CVSS5.8AI score0.00421EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/01 7:49 a.m.14 views

EUVD-2026-33589

A bug in Apache Airflow's Variable response masker caused nested-key redaction triggered by secret-suffixed key names like password, token, secret, apikey to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nest...

6.5CVSS5.8AI score0.00421EPSS
Exploits0References2
Rows per page
Query Builder