9 matches found
CVE-2026-26929
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...
Incorrect Permission Assignment for Critical Resource
Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the DagVersion listing API when the dagid parameter is set to "". An attacker can obtain unauthorized metadata about DAGs by sending a request with a wildcard value, bypassing...
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
CVE-2026-26929
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
CVE-2026-26929
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
CVE-2026-26929
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...
Apache Airflow 安全漏洞
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...
PT-2026-25891
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag id set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users a...