Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
4Blast Radius
ecosystem impact- 4 pypi packages depend on apache-airflow (2 direct, 2 indirect)
Ecosystem-wide dependent count for version 3.0.0.
DescriptionCVE.org
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security model documentation that defines the Viewer role as read-only.
Airflow uses the FAB Auth Manager to manage access control on a per-resource basis. The Viewer role is intended to be read-only by default, and the security model documentation defines Viewer users as those who can inspect DAGs without accessing sensitive execution results.
Users are recommended to upgrade to Apache Airflow 3.2.0 which resolves this issue.
AnalysisAI
Apache Airflow 3.0.0 through 3.1.8 discloses XCom result values to users with only DAG Run read permissions (such as Viewer role), violating the FAB RBAC model that treats XCom as a protected resource. This information disclosure affects authenticated users and allows them to access sensitive execution results they should not be able to view. The vulnerability is not confirmed as actively exploited, and a patch is available in Apache Airflow 3.2.0.
Technical ContextAI
Apache Airflow's DagRun wait endpoint fails to enforce proper access control for XCom values, which are execution results that can contain sensitive information. The vulnerability stems from insufficient authorization checks on a per-resource basis within Airflow's FAB (Flask-AppBuilder) Auth Manager, which is designed to enforce role-based access control (RBAC). XCom (cross-communication) is a mechanism in Airflow for passing data between tasks and accessing execution logs; the FAB RBAC model explicitly designates XCom as a protected resource separate from DAG Run metadata. The Viewer role, as defined in Airflow's security documentation, should provide read-only access to DAG definitions and execution status without exposing sensitive results. The root cause is improper authorization validation (CWE-668: Operation on Resource in Wrong Phase of Lifetime) that returns XCom data to callers without verifying they have explicit permission to access that specific resource class.
RemediationAI
Vendor-released patch: Apache Airflow 3.2.0. Organizations should upgrade to Apache Airflow 3.2.0 or later as the primary remediation. Until patching is possible, administrators can implement compensating controls by restricting Viewer role assignments to users and service accounts that do not require access to sensitive DAG execution environments, and by reviewing IAM policies to limit exposure. The patch details are available at https://github.com/apache/airflow/pull/64415 and the full advisory is at https://lists.apache.org/thread/9mq3msqhmgjwdzbr6bgthj4brb3oz9fl.
Same weakness CWE-668 – Exposure of Resource to Wrong Sphere
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-20878
GHSA-r7vr-m4jw-r794