Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2026/06/01 9:16 a.m.6 views

apache-airflow-core (>=3.2.0 <=3.2.1), apache-airflow-providers-google (=5.0.0) +10 more potentially affected by CVE-2026-33858 +1 more via apache-airflow (>=3.2.0 <=3.2.1rc3)

apache-airflow PYPI version =3.2.0, =3.2.0, =1.2.0, =13.0.2, =7.2.0, =1.18.3, =1.4.2, =2.1.1, =1.10.3, =1.41.2, =1.28.2, =5.6.2, =5.7.17 Source cves: CVE-2026-33858, CVE-2026-42359 Source advisory: OSV:PYSEC-2026-185...

8.8CVSS5.7AI score0.00592EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/04/13 4:12 p.m.9 views

apache-airflow (>=3.2.0b1 <=3.2.0b2) potentially affected by CVE-2026-33858 via apache-airflow-task-sdk (>=1.2.0b1 <=1.2.0b2)

apache-airflow-task-sdk PYPI version =1.2.0b1, =3.2.0b1, =3.2.0b2 Source cves: CVE-2026-33858 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-16032066...

8.8CVSS5.4AI score0.00592EPSS
Exploits0
NVD
NVD
added 2026/04/13 3:17 p.m.8 views

CVE-2026-33858

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS0.00592EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/13 3:17 p.m.5 views

airflow-clickhouse-plug (=1.6.2), airflow-clickhouse-plugin (=1.6.0) +19 more potentially affected by CVE-2026-33858 via apache-airflow (=3.1.8)

apache-airflow PYPI version =3.1.8 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - airflow-clickhouse-plug =1.6.2 - airflow-clickhouse-plugin =1.6.0 - airflow-dbt-winwin =0.6.0, =0.2.0, =1.0.2, =0.0.13, =10.13.0,...

8.8CVSS5.7AI score0.00592EPSS
Exploits0
OSV
OSV
added 2026/04/13 2:36 p.m.1 views

CVE-2026-33858 Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0,...

8.8CVSS6.2AI score0.00592EPSS
Exploits0References6
Rows per page
Query Builder