Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-yz8w-uv1z-5ybw
Vulnerability ID VCID-yz8w-uv1z-5ybw
Aliases CVE-2020-11981
GHSA-976r-qfjj-c24w
PYSEC-2020-15
Summary An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.91588 https://api.first.org/data/v1/epss?cve=CVE-2020-11981
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-11981
https://github.com/advisories/GHSA-976r-qfjj-c24w
https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.99688
EPSS Score 0.91588
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:19:31.296052+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2020-15.yaml 38.6.0