apache-airflow
PyPI131 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting apache-airflowpage 3 of 3
- CVE-2025-68438HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.62026-01-16
vulnerable: 3.1.0 ... 3.1.6rc1 (15 versions)
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of …
- CVE-2025-68675HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.62026-01-16
vulnerable: 1.10.0 ... 3.1.6rc1 (270 versions)
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore…
- CVE-2026-22922MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.1.72026-02-09
vulnerable: 3.1.0 ... 3.1.7rc2 (18 versions)
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgr…
- CVE-2026-24098MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.1.72026-02-09
vulnerable: 3.0.0 ... 3.1.7rc2 (45 versions)
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgr…
- CVE-2026-25219MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.1.82026-04-15
vulnerable: 1.10.0 ... 3.1.8rc2 (276 versions)
The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidental…
- CVE-2026-25917HIGHCVSS 7.2EG 7.2✓ Fixed in 3.2.02026-04-18
vulnerable: 1.10.0 ... 3.2.0rc2 (281 versions)
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. U…
- CVE-2026-26929HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.82026-03-17
vulnerable: 3.0.0 ... 3.1.8rc2 (48 versions)
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made wit…
- CVE-2026-28563MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.1.82026-03-17
vulnerable: 3.0.0 ... 3.1.8rc2 (48 versions)
Apache Airflow: DAG authorization bypass Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG …
- CVE-2026-28779HIGHCVSS 7.5EG 7.5✓ Fixed in 3.1.82026-03-17
vulnerable: 3.0.0 ... 3.1.8rc2 (48 versions)
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the co…
- CVE-2026-30911HIGHCVSS 8.1EG 8.1✓ Fixed in 3.1.82026-03-17
vulnerable: 3.1.0 ... 3.1.8rc2 (21 versions)
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenti…
- CVE-2026-30912HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.02026-04-18
vulnerable: 1.10.0 ... 3.2.0rc2 (281 versions)
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apa…
- CVE-2026-31987HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.02026-04-16
vulnerable: 3.0.0 ... 3.2.0rc2 (53 versions)
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue.
- CVE-2026-32690LOWCVSS 3.7EG 3.7✓ Fixed in 3.2.02026-04-18
vulnerable: 3.0.0 ... 3.2.0rc2 (53 versions)
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSO…
- CVE-2026-32794MEDIUMCVSS 4.8EG 4.8✓ Fixed in 1.12.02026-03-30
vulnerable: 1.10.0 ... 1.10.9rc1 (57 versions)
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is inte…
- CVE-2026-33858HIGHCVSS 8.8EG 8.8✓ Fixed in 3.2.02026-04-13
vulnerable: 3.1.8, 3.2.0b1, 3.2.0b2, 3.2.0rc1, 3.2.0rc2
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. …
- CVE-2026-34538MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.2.02026-04-09
vulnerable: 3.0.0 ... 3.2.0rc2 (53 versions)
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as…
- CVE-2026-38743MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.2.1rc12026-04-24
vulnerable: 1.10.0 ... 3.2.0rc2 (282 versions)
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including…
- CVE-2026-40690MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.2.1rc12026-04-24
vulnerable: 1.10.0 ... 3.2.0rc2 (282 versions)
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAG…
- CVE-2026-40861MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.2.22026-06-01
vulnerable: 1.10.0 ... 3.2.2rc3 (289 versions)
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containin…
- CVE-2026-40961HIGHCVSS 7.2EG 7.2✓ Fixed in 3.2.22026-06-01
vulnerable: 1.10.0 ... 3.2.2rc3 (289 versions)
A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to …
- CVE-2026-41014MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.2.22026-06-01
vulnerable: 3.2.0 ... 3.2.2rc3 (8 versions)
The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configur…
- CVE-2026-41017MEDIUMCVSS 5.9EG 5.9✓ Fixed in 3.2.22026-06-01
vulnerable: 3.0.0 ... 3.2.2rc3 (61 versions)
Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy / a managed load balancer that terminate…
- CVE-2026-41084HIGHCVSS 7.5EG 7.5✓ Fixed in 3.2.22026-06-01
vulnerable: 3.2.0 ... 3.2.2rc3 (8 versions)
A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path while operating on the `dag_id` / `dag_run_…
- CVE-2026-42252CRITICALCVSS 9.1EG 9.1✓ Fixed in 3.2.22026-06-01
vulnerable: 3.0.0 ... 3.2.2rc3 (61 versions)
Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}")` example without any quoting / sani…
- CVE-2026-42359HIGHCVSS 8.8EG 8.8✓ Fixed in 3.2.22026-06-01
vulnerable: 3.2.0 ... 3.2.2rc3 (8 versions)
A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (e.g. `return_value`) that the matching P…
- CVE-2026-42360MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.2.22026-06-01
vulnerable: 1.10.0 ... 3.2.2rc3 (289 versions)
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded …
- CVE-2026-45192MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.2.22026-06-01
vulnerable: 1.10.0 ... 3.2.2rc3 (289 versions)
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field name…
- CVE-2026-45360HIGHCVSS 7.3EG 7.3✓ Fixed in 3.2.22026-06-01
vulnerable: 1.10.0 ... 3.2.2rc3 (289 versions)
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-r…
- CVE-2026-45426LOWCVSS 3.1EG 3.1✓ Fixed in 3.2.22026-06-01
vulnerable: 3.0.0 ... 3.2.2rc3 (61 versions)
Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip…
- CVE-2026-46764MEDIUMCVSS 4.3EG 4.3✓ Fixed in 3.2.22026-06-01
vulnerable: 1.10.0 ... 3.2.2rc3 (289 versions)
The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint `GET /api/v2/eventLogs` a…
- CVE-2026-48726MEDIUMCVSS 6.5EG 6.5✓ Fixed in 3.2.22026-06-01
vulnerable: 1.10.0 ... 3.2.2rc3 (289 versions)
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `r…
Check whether apache-airflow is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for apache-airflow CVEs against the assets you own.
Start Free Scan →