Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4Blast Radius
ecosystem impact- 10 pypi packages depend on apache-airflow (1 direct, 9 indirect)
Ecosystem-wide dependent count for version 3.2.0.
DescriptionCVE.org
The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability.
It does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however users following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of the example with improved resiliance for that case.
Users who followed that pattern are advised to adjust their implementations accordingly.
Analysis
The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability.
It does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however users following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of the example with improved resiliance for that case.
Users who followed that pattern are advised to adjust their implementations accordingly.
More in Apache Airflow
View allRemote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll
Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate priv
CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera
Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI
CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High
Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acycli
{dag_id}` endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full fil
Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when t
Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read
Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permissi
CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce
Incomplete authorization filtering in Apache Airflow's `/ui/dependencies` scheduling graph endpoint exposes restricted D
Same weakness CWE-94 – Code Injection
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-209465
GHSA-q2hg-643c-gw8h