Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.5 views

CVE-2026-26929

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

6.5CVSS5.7AI score0.00406EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/19 12:0 a.m.2 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

6.5CVSS5.9AI score0.00406EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/17 12:48 p.m.5 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the DagVersion listing API when the dagid parameter is set to "". An attacker can obtain unauthorized metadata about DAGs by sending a request with a wildcard value, bypassing...

6.5CVSS5.8AI score0.00406EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/17 12:30 p.m.10 views

Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

6.5CVSS5.7AI score0.00406EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/03/17 11:16 a.m.5 views

CVE-2026-26929

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

6.5CVSS0.00406EPSS
Exploits0References3
OSV
OSV
added 2026/03/17 11:16 a.m.7 views

CVE-2026-26929

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

6.5CVSS5.8AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 10:54 a.m.2 views

CVE-2026-26929

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dagid set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users ar...

6.5CVSS5.7AI score0.00406EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

6.5CVSS5.8AI score0.00406EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.4 views

PT-2026-25891

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag id set to "" wildcard for all DAGs. As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users a...

7.5CVSS5.7AI score0.00406EPSS
Exploits0References11
Rows per page
Query Builder