| 0 |
| url |
VCID-1w96-f72k-ryap |
| vulnerability_id |
VCID-1w96-f72k-ryap |
| summary |
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40861, PYSEC-2026-181
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1w96-f72k-ryap |
|
| 1 |
| url |
VCID-2xr2-w3hk-auck |
| vulnerability_id |
VCID-2xr2-w3hk-auck |
| summary |
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.
Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-25917, GHSA-6ffj-2wg2-w45j, PYSEC-2026-13
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2xr2-w3hk-auck |
|
| 2 |
| url |
VCID-5jyk-dgtu-zfhd |
| vulnerability_id |
VCID-5jyk-dgtu-zfhd |
| summary |
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-45360, PYSEC-2026-186
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5jyk-dgtu-zfhd |
|
| 3 |
| url |
VCID-91n6-evww-zybp |
| vulnerability_id |
VCID-91n6-evww-zybp |
| summary |
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30912, GHSA-w7cf-2pmc-5m4c, PYSEC-2026-18
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-91n6-evww-zybp |
|
| 4 |
| url |
VCID-dh4r-77xc-cbas |
| vulnerability_id |
VCID-dh4r-77xc-cbas |
| summary |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.1 |
| purl |
pkg:pypi/apache-airflow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2b14-1bp2-gua6 |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-5hxx-r2d2-9ybk |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 6 |
| vulnerability |
VCID-9j1n-cypf-p7g5 |
|
| 7 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 8 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 9 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 10 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 11 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 12 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 13 |
| vulnerability |
VCID-ezmu-8g1y-e3hz |
|
| 14 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 15 |
| vulnerability |
VCID-hkwf-65vr-dkfz |
|
| 16 |
| vulnerability |
VCID-knrd-atwy-gubn |
|
| 17 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 18 |
| vulnerability |
VCID-snqz-3f8t-syhd |
|
| 19 |
| vulnerability |
VCID-t3ap-dzfp-1bd6 |
|
| 20 |
| vulnerability |
VCID-tbb9-myv7-a7h4 |
|
| 21 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1 |
|
|
| aliases |
CVE-2023-25693, GHSA-j69x-v4wc-3fpf, PYSEC-2023-314
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dh4r-77xc-cbas |
|
| 5 |
| url |
VCID-djdy-z9r3-s3a2 |
| vulnerability_id |
VCID-djdy-z9r3-s3a2 |
| summary |
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-48726, PYSEC-2026-187
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-djdy-z9r3-s3a2 |
|
| 6 |
| url |
VCID-ej1r-mp6n-gudd |
| vulnerability_id |
VCID-ej1r-mp6n-gudd |
| summary |
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field names not present in the redaction allowlist (`DEFAULT_SENSITIVE_FIELDS`) — for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connection `extra` blobs and grant Connection-read access to multiple users. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection's `extra` field. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-45192, PYSEC-2026-173
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ej1r-mp6n-gudd |
|
| 7 |
| url |
VCID-pu6f-xhvm-q3du |
| vulnerability_id |
VCID-pu6f-xhvm-q3du |
| summary |
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airflow stringified the structure before redaction, losing the nested key context, and persisted the plaintext value into `rendered_fields`. An authenticated UI/API user with permission to read rendered template fields could harvest secret values intended to be masked. Affects deployments where Dag authors pass structured JSON to operators with nested sensitive keys. This is a variant of `CWE-200` previously addressed for the user-registered `mask_secret()` patterns in CVE-2025-68438; that fix did not cover the nested sensitive-keyword allowlist. Users who already upgraded for CVE-2025-68438 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the nested-key path. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-42360, PYSEC-2026-172
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pu6f-xhvm-q3du |
|
| 8 |
| url |
VCID-t3ap-dzfp-1bd6 |
| vulnerability_id |
VCID-t3ap-dzfp-1bd6 |
| summary |
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue |
| references |
|
| fixed_packages |
| 0 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@3.1.6 |
| purl |
pkg:pypi/apache-airflow@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2b14-1bp2-gua6 |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-5hxx-r2d2-9ybk |
|
| 4 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 5 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 6 |
| vulnerability |
VCID-9j1n-cypf-p7g5 |
|
| 7 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 8 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 9 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 10 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 11 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 12 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 13 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 14 |
| vulnerability |
VCID-hkwf-65vr-dkfz |
|
| 15 |
| vulnerability |
VCID-knrd-atwy-gubn |
|
| 16 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 17 |
| vulnerability |
VCID-tbb9-myv7-a7h4 |
|
| 18 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6 |
|
|
| aliases |
CVE-2025-68675, GHSA-7c2f-r6gc-h92h, PYSEC-2026-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t3ap-dzfp-1bd6 |
|