What is the CVSS score of CVE-2026-33858?

CVE-2026-33858 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of Apache are affected by CVE-2026-33858?

Apache Airflow versions 3.1.8 through 3.1.x contain a remote code execution vulnerability in XCom payload handling that allows authenticated DAG Authors to execute arbitrary code within the webserver…. A patch is available.

How to fix or mitigate CVE-2026-33858?

Within 24 hours: inventory all Apache Airflow 3.1.8 through 3.1.x deployments and identify DAG Author role assignments. Within 7 days: upgrade to Apache Airflow 3.2.0 or apply vendor-released patch; if immediate upgrade is not feasible, implement access controls restricting DAG Author role to essential personnel only and enable detailed audit logging of DAG creation and modification activities. Within 30 days: conduct post-patch validation and review DAG Author access provisioning across all environments.

Apache CVE-2026-33858

EUVD-2026-21978 HIGH

Deserialization of Untrusted Data (CWE-502)

2026-04-13 apache

GHSA-mc4f-r875-v87w

Deserialization Apache RCE

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 17, 2026 - 15:22 vuln.today

cvss_changed

Analysis Generated

Apr 15, 2026 - 12:30 vuln.today

CVSS changed

Apr 13, 2026 - 16:22 NVD

8.8 (HIGH)

EUVD ID Assigned

Apr 13, 2026 - 15:15 euvd

EUVD-2026-21978

Analysis Generated

Apr 13, 2026 - 15:15 vuln.today

Patch released

Apr 13, 2026 - 15:15 nvd

Patch available

CVE Published

Apr 13, 2026 - 14:36 nvd

HIGH 8.8

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

21 pypi packages depend on apache-airflow (11 direct, 10 indirect)

Ecosystem-wide dependent count for version 3.1.8.

DescriptionCVE.org

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.

Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.

AnalysisAI

Remote code execution in Apache Airflow 3.1.x allows authenticated DAG Authors to execute arbitrary code in the webserver context through crafted XCom payloads exploiting insecure deserialization (CWE-502). Affects Apache Airflow versions 3.1.8 through <3.2.0. …

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access

Authenticate as DAG Author

Delivery

Create malicious workflow with XCom task

Exploit

Inject serialized payload in XCom value

Execution

Trigger webserver deserialization

Impact

Execute arbitrary code in webserver context

Access

Authenticate as DAG Author

Delivery

Create malicious workflow with XCom task

Exploit

Inject serialized payload in XCom value

Execution

Trigger webserver deserialization

Impact

Execute arbitrary code in webserver context

Vulnerability AssessmentAI

Exploitation	Attacker must possess authenticated DAG Author credentials in Apache Airflow, which grants permissions to create and modify workflow definitions (Directed Acyclic Graphs). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment	Real-world risk is LOW despite the 8.8 CVSS score, a rare case where multiple signals align against the base score. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	A malicious DAG Author with legitimate credentials authenticates to an Apache Airflow 3.1.x instance and creates a new workflow containing a task that generates a crafted XCom payload embedded with serialized Python objects designed to execute system commands. When another task or the webserver retrieves and deserializes this XCom value, the malicious payload triggers arbitrary code execution in the webserver process context, allowing the attacker to read sensitive configuration files, modify workflow definitions beyond their intended permissions, or establish persistence mechanisms within the Airflow environment. …
Remediation	Upgrade to Apache Airflow 3.2.0, which fully resolves the insecure deserialization issue in XCom payload handling. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: inventory all Apache Airflow 3.1.8 through 3.1.x deployments and identify DAG Author role assignments. …

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33858 vulnerability details – vuln.today

Back

Apache CVE-2026-33858

Severity by source

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionCVE.org

AnalysisAI

Unlock full vulnerability intelligence

Attack ChainAIDerived

Vulnerability AssessmentAI

Recommended ActionAI

Share

External POC / Exploit Code