Lucene search
K
ApacheAirflow

143 matches found

CVE
CVE
added 2025/10/30 9:45 a.m.44 views

CVE-2025-54941

The CVE-2025-54941 issue affects Apache Airflow, specifically the example_dag_decorator parameter handling. A non-validated parameter in the example DAG allowed a UI user to redirect to a malicious server and execute code on a worker, but exploitation requires that example DAGs are enabled in pro...

4.6CVSS6.9AI score0.00448EPSS
CVE
CVE
added 2026/03/17 10:53 a.m.44 views

CVE-2026-30911

Summary (CVE-2026-30911) Apache Airflow versions 3.1.0–3.1.7 have a missing authorization vulnerability in the Execution API’s Human-in-the-Loop (HITL) endpoints. The issue permits any authenticated task instance to read, approve, or reject HITL workflows belonging to other task instances, effect...

8.1CVSS5.8AI score0.00409EPSS
CVE
CVE
added 2026/04/18 6:22 a.m.39 views

CVE-2026-32690

CVE-2026-32690 affects Apache Airflow 3.x before 3.2.0. The issue is that secrets stored in Variables as JSON dictionaries were not properly redacted; nested secret fields could be exposed when variables are retrieved. Affected patterns involve storing sensitive values in JSON form, and the root ...

3.7CVSS5.8AI score0.00421EPSS
CVE
CVE
added 2026/04/09 11:12 a.m.37 views

CVE-2025-57735

CVE-2025-57735 affects Airflow where a JWT token used to authenticate a user was not invalidated at logout. The provided sources indicate that Airflow 3.2 introduced a logout token-invalidation mechanism, and upgrading to Airflow 3.2.0 or newer fixes the issue. The CVSS vector in the initial desc...

9.1CVSS5.8AI score0.00667EPSS
CVE
CVE
added 2026/02/21 2:14 a.m.36 views

CVE-2025-65995

Airflow CVE-2025-65995 affects the UI error-reporting path: if a DAG fails during parsing, full operator kwargs (potentially containing secrets) could be exposed in tracebacks to users with DAG viewing permissions. Affected products are Apache Airflow; root cause is leakage of sensitive values vi...

6.5CVSS5.5AI score0.00801EPSS
CVE
CVE
added 2025/09/26 7:28 a.m.34 views

CVE-2025-54831

Apache Airflow 3.x (notably 3.0.3) exposes sensitive connection details to users with READ permissions via API/UI, bypassing AIRFLOW__CORE__HIDE_SENSITIVE_VAR_CONN_FIELDS. Affected: Airflow 3.0.3; mitigation is upgrading to 3.0.4 or newer. This issue does not affect Airflow 2.x, where the behavio...

6.5CVSS6.1AI score0.00903EPSS
CVE
CVE
added 2026/06/01 7:47 a.m.34 views

CVE-2026-45426

CVE-2026-45426 describes an authenticated Airflow worker with a valid Log-server JWT for at least one Dag who can abuse Python str.lstrip() in the JWT sub verification to access logs of other Dags. The left-stripping behavior treats a set of characters as deletable, not a prefix, enabling cross-D...

3.1CVSS5.8AI score0.00344EPSS
CVE
CVE
added 2026/06/01 7:52 a.m.33 views

CVE-2026-41017

CVE-2026-41017 affects Apache Airflow where JWTRefreshMiddleware sets the JWT cookie without the Secure flag. This impacts deployments exposing the Airflow API server behind TLS-terminating proxies (e.g., nginx, Envoy, or managed load balancers) and may allow a network-positioned attacker to capt...

5.9CVSS5.9AI score0.00265EPSS
CVE
CVE
added 2026/04/15 12:30 p.m.31 views

CVE-2026-25219

CVE-2026-25219 affects Apache Airflow. The vulnerability arises because the access_key and connection_string fields were not marked as sensitive in secrets masker, enabling users with read access to view these values in the UI and potentially in logs. The documented remediation is to upgrade Airf...

6.5CVSS5.8AI score0.00552EPSS
CVE
CVE
added 2026/06/01 6:51 a.m.31 views

CVE-2026-45192

CVE-2026-45192 concerns Apache Airflow where a bug in GET /api/v2/connections/{connection_id} allowed an authenticated UI/API user with Connection-read permission to access secrets stored in a Connection's extra JSON blob that are not included in the redaction allowlist (DEFAULT_SENSITIVE_FIELDS)...

6.5CVSS5.8AI score0.0041EPSS
Web
CVE
CVE
added 2026/06/01 7:45 a.m.31 views

CVE-2026-46764

The CVE-2026-46764 affects Apache Airflow’s Event Log APIs: the detail endpoint GET /api/v2/eventLogs/{event_log_id} returns audit-log rows by numeric ID after only a generic Audit Log permission check, while GET /api/v2/eventLogs applies per-Dag scoping. An authenticated user with audit-log read...

4.3CVSS5.8AI score0.00352EPSS
Web
CVE
CVE
added 2026/06/01 7:34 a.m.31 views

CVE-2026-49298

Summary: CVE-2026-49298 affects Apache Airflow when using the KubernetesExecutor. JWT tokens used by worker pods to authenticate to the Execution API are exposed as command-line arguments in the pod spec, enabling a user with Kubernetes read-only access (pods/get) to harvest a token and perform s...

8.8CVSS5.8AI score0.00489EPSS
CVE
CVE
added 2026/02/09 10:33 a.m.30 views

CVE-2026-22922

CVE-2026-22922 affects Apache Airflow versions 3.1.0–3.1.6, where an authorization flaw could allow an authenticated user with custom permissions limited to task access to view task logs without task-log access. The issue has been fixed in Airflow 3.1.7 and later. Practical impact is limited to l...

6.5CVSS5.4AI score0.00382EPSS
CVE
CVE
added 2026/03/17 10:54 a.m.29 views

CVE-2026-28563

CVE-2026-28563 affects Apache Airflow, versions 3.1.0–3.1.7. The /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs, allowing an authenticated user with only the DAG Dependencies permission to enumerate DAGs they are not authorized to view. Roo...

4.3CVSS5.7AI score0.0044EPSS
CVE
CVE
added 2026/06/01 7:53 a.m.29 views

CVE-2026-41014

Apache Airflow vulnerability CVE-2026-41014 affects the partitioned_dag_runs endpoints in the UI. The issue arises from enforcing only asset-level access control, enabling an authenticated UI/API user with global Asset:read permission to enumerate partition run state, schedule configuration, and ...

4.3CVSS5.8AI score0.00352EPSS
CVE
CVE
added 2026/06/01 7:53 a.m.28 views

CVE-2026-49267

Apache Airflow is affected where EmailOperator and airflow.utils.email establish SMTP STARTTLS without remote-certificate verification when smtp_starttls=True and smtp_ssl=False, enabling a network MITM to capture SMTP AUTH credentials and message contents. The issue is the core Airflow side, rel...

5.9CVSS5.9AI score0.00185EPSS
CVE
CVE
added 2026/06/01 7:35 a.m.27 views

CVE-2026-48726

CVE-2026-48726 describes a bug in Apache Airflow where the logout flow for FabAuthManager and KeycloakAuthManager does not reach revoke_token(), leaving previously issued JWTs valid until expiry. This creates a residual gap after CVE-2025-57735 where cookie-side invalidation was addressed but pro...

6.5CVSS5.9AI score0.00382EPSS
CVE
CVE
added 2026/06/01 7:50 a.m.26 views

CVE-2026-42360

Apache Airflow CVE-2026-42360 describes a vulnerability in the rendered-template field handling where nested sensitive-keys (password/token/secret/api_key) could be exposed if the rendered field exceeded max_templated_field_length. The bug occurs because the structure is stringified before redact...

6.5CVSS5.8AI score0.00335EPSS
CVE
CVE
added 2026/04/24 12:36 p.m.25 views

CVE-2026-38743

The CVE-2026-38743 issue affects Apache Airflow’s authenticated /ui/dags endpoint, where per-DAG access control was not enforced for embedded HITL prompts and TaskInstance records. A user with read access to any DAG could access HITL prompts (including request parameters) and full TaskInstance de...

4.3CVSS5.3AI score0.00352EPSS
Web
CVE
CVE
added 2026/06/01 7:54 a.m.25 views

CVE-2026-40963

The CVE-2026-40963 issue affects the Apache Airflow UI’s /ui/structure/structure_data endpoint. It allows an authenticated user with access to one Dag to enumerate dependency graph nodes and related metadata for other Dags for which they lack read permissions, leaking topology across teams when p...

3.1CVSS5.8AI score0.00459EPSS
CVE
CVE
added 2026/06/01 7:55 a.m.24 views

CVE-2026-40861

CVE-2026-40861 affects Apache Airflow, specifically the FileTaskHandler used for task logs. A Dag author can cause log path resolution to escape the configured base_log_folder via two patterns: (a) creating a symlink in the task log directory to an arbitrary file readable by the API server (read-...

6.5CVSS5.9AI score0.00665EPSS
CVE
CVE
added 2026/06/01 7:55 a.m.24 views

CVE-2026-40961

CVE-2026-40961 — Apache Airflow Open Redirect Bypass . A bug in the login redirect route allows authenticated users to craft URLs that bypass the is_safe_url check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. This affects the login flow and can lead to cre...

7.2CVSS5.8AI score0.00649EPSS
CVE
CVE
added 2026/06/01 7:51 a.m.24 views

CVE-2026-41084

CVE-2026-41084: Apache Airflow bug in the bulk Task Instances API (PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances) evaluated authorization from the URL dag_id while operating on dag_id/dag_run_id from the request body. An authenticated user with edit permission on one Dag c...

7.5CVSS5.8AI score0.00458EPSS
Web
CVE
CVE
added 2025/10/30 9:11 a.m.23 views

CVE-2025-62503

CVE-2025-62503 – Apache Airflow: Privilege boundary bypass in bulk APIs allows a user with CREATE (but not UPDATE) for Pools, Connections, and Variables to update existing records via the bulk create API with an overwrite action. Multiple sources (BIT-AIRFLOW-2025-62503, EUVD, Red Hat/CISA refere...

4.6CVSS6.6AI score0.00396EPSS
CVE
CVE
added 2026/04/18 6:20 a.m.23 views

CVE-2026-30912

CVE-2026-30912 concerns Apache Airflow where SQL errors expose exception and stack trace information in the API despite the setting api/expose_stack_traces being disabled. This behavior can leak sensitive information to an attacker. The connected sources consistently indicate the issue affects Ai...

7.5CVSS5.8AI score0.00449EPSS
CVE
CVE
added 2026/04/16 1:31 p.m.23 views

CVE-2026-31987

Apache Airflow CVE-2026-31987 involves JWT tokens used by tasks being exposed in logs, potentially allowing UI users to act as Dag Authors. Connected sources consistently identify the issue as a log exposure of JWT tokens and advise upgrading to a fixed Airflow release (version 3.2.0 or newer). T...

7.5CVSS5.8AI score0.00739EPSS
CVE
CVE
added 2026/04/18 6:19 a.m.23 views

CVE-2026-32228

CVE-2026-32228 affects Apache Airflow. A UI/API user with asset materialize permission could trigger DAGs to which they have no access. The public description consistently notes that upgrading to Airflow v3.2.0 fixes the issue. No exploitation status or in-the-wild details are provided in the sup...

7.5CVSS5.7AI score0.00426EPSS
CVE
CVE
added 2026/06/01 7:49 a.m.23 views

CVE-2026-42358

Summary (CVE-2026-42358): In Apache Airflow, the Variable response masker can bypass nested-key redaction when JSON values are deeply nested. Keys ending with secret-like suffixes (password, token, secret, api_key) could have their plaintext values exposed if nesting depth exceeds the masker's re...

6.5CVSS5.8AI score0.00335EPSS
CVE
CVE
added 2026/04/15 12:22 a.m.22 views

CVE-2025-54550

Summary (CVE-2025-54550) : The issue concerns the example_xcom in Airflow documentation that reads from XComs using an unsafe pattern. The root cause is a vulnerable read pattern that could allow a UI user with XCom modification access to cause arbitrary code execution on the worker. The document...

8.1CVSS5.9AI score0.00579EPSS
CVE
CVE
added 2026/06/01 7:49 a.m.22 views

CVE-2026-42359

CVE-2026-42359 (Apache Airflow) : A bug in the XCom PATCH endpoint (PATCH /api/v2/xcomEntries/{key}) allows an authenticated UI/API user with XCom write permission on a DAG to set XCom entries under reserved keys (e.g., return_value) that bypass a prior validation on the POST path. The endpoint c...

8.8CVSS5.8AI score0.0055EPSS
Web
CVE
CVE
added 2025/12/15 11:30 a.m.20 views

CVE-2025-66388

CVE-2025-66388 affects Apache Airflow where an authenticated UI user could view secret values in rendered templates because secrets were not properly redacted. This information disclosure vulnerability enables access to sensitive data without additional authorization. Public sources in connected ...

6.5CVSS6.3AI score0.00406EPSS
CVE
CVE
added 2026/03/17 10:15 a.m.20 views

CVE-2026-28779

Apache Airflow 3.1.0–3.1.7 exposes a session-token cookie path (/), ignoring configured webserver/api base_url. This enables co-hosted applications on the same domain to capture tokens and take over sessions without exploiting Airflow itself. Public descriptions consistently recommend upgrading t...

7.5CVSS5.8AI score0.00677EPSS
CVE
CVE
added 2026/03/17 10:54 a.m.17 views

CVE-2026-26929

CVE-2026-26929 affects Apache Airflow versions 3.0.0–3.1.7 where the FastAPI DagVersion listing API does not apply per-DAG authorization filtering when dag_id is “~” (wildcard). This allows a requester to retrieve version metadata for DAGs they are not authorized to access. The public advisories ...

6.5CVSS5.7AI score0.00406EPSS
CVE
CVE
added 2026/04/24 12:35 p.m.17 views

CVE-2026-40690

CVE-2026-40690 affects the asset dependency graph in Apache Airflow. The issue: the graph view did not enforce DAG read permissions , allowing a user with access to at least one DAG to discover the existence and names of other DAGs and assets across the deployment. Root cause per sources: lack of...

4.3CVSS5.2AI score0.00352EPSS
CVE
CVE
added 2026/04/30 9:9 a.m.16 views

CVE-2026-41016

CVE-2026-41016 affects Apache Airflow’s SMTP provider SmtpHook. The SMTP workflow calls smtplib.SMTP.starttls() without supplying an SSL context, so TLS upgrades do not validate certificates. This enables a man-in-the-middle between the Airflow worker and the SMTP server to present a self-signed ...

5.9CVSS5.3AI score0.00268EPSS
CVE
CVE
added 2026/02/24 10:9 a.m.15 views

CVE-2025-27555

CVE-2025-27555 concerns Apache Airflow prior to 2.11.1 where authenticated users with audit log access can see sensitive connection parameters logged by the system when set via the airflow CLI. The underlying issue is that these sensitive values were stored unencrypted in the Airflow database and...

6.5CVSS5.3AI score0.00363EPSS
CVE
CVE
added 2026/02/09 10:32 a.m.15 views

CVE-2026-24098

CVE-2026-24098 affects Apache Airflow versions before 3.1.7. Authenticated UI users with permission to one or more Dags can view import errors generated by other Dags they should not access. The issue is remedied by upgrading to Airflow 3.1.7 or later; no further exploit details are provided in t...

6.5CVSS5.8AI score0.00739EPSS
CVE
CVE
added 6 days ago15 views

CVE-2026-48828

The CVE-2026-48828 issue affects Apache Airflow’s Bulk Variables API: the redactor was invoked without passing the variable key, so the key-based should_hide_value_for_key check (triggered by secret-suffixed keys like *_password, *_token, *_secret) could not redact JSON-typed variable values. An ...

6.5CVSS6AI score0.00664EPSS
CVE
CVE
added 6 days ago15 views

CVE-2026-49296

CVE-2026-49296 (Apache Airflow) : Affected versions before 3.3.0 expose the full source of co-located DAGs when reading a single DAG via GET /api/v2/dagSources/{dag_id} or the UI view, bypassing per-DAG read controls. This can disclose multiple DAG sources from the same file to authorized readers...

6.5CVSS5.9AI score0.00601EPSS
Web
CVE
CVE
added 2026/04/09 9:9 a.m.14 views

CVE-2026-34538

Apache Airflow CVE-2026-34538 affects 3.0.0–3.1.8 where the DagRun wait endpoint exposes XCom payloads to users with only DAG Run read access (e.g., Viewer), bypassing FAB RBAC protections. Root cause: authorization flaw in the DagRun wait path that reveals XCom results to unauthorized users. Imp...

6.5CVSS6AI score0.00685EPSS
CVE
CVE
added 6 days ago13 views

CVE-2026-48891

A vulnerability in Apache Airflow affects the UI at /ui/dependencies where the scheduling graph endpoint applies the caller’s readable-Dag filter to the top-level Dag key but still exposes Dag IDs in dep.source and dep.target for trigger/sensor entries. An authenticated UI user with read access t...

4.3CVSS6AI score0.00636EPSS
Web
CVE
CVE
added 6 days ago13 views

CVE-2026-48892

CVE-2026-48892 : Apache Airflow's Config API leaks per-key secrets-backend overrides via environment variables (e.g., AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID, AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID) that are not in sensitive_config_values, allowing an authenticated UI/API user with...

6.5CVSS6AI score0.00664EPSS
CVE
CVE
added 6 days ago12 views

CVE-2026-49487

Apache Airflow prior to 3.3.0 exposes secrets in clear text via the REST API. Specifically, the task-instance detail and list endpoints leak a deferred task’s trigger kwargs, so if a deferred operator passes a secret (e.g., a provider API key) into its trigger, any authenticated user with DAG-sco...

6.5CVSS6AI score0.00664EPSS
Total number of security vulnerabilities143