Skip to main content

Apache Airflow CVE-2026-41084

| EUVDEUVD-2026-33592 HIGH
Authorization Bypass Through User-Controlled Key (CWE-639)
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

6
Source Code Evidence Fetched
Jun 02, 2026 - 17:24 vuln.today
Analysis Generated
Jun 02, 2026 - 17:24 vuln.today
CVSS changed
Jun 02, 2026 - 17:22 NVD
7.5 (HIGH)
Patch available
Jun 01, 2026 - 10:01 EUVD
CVE Published
May 31, 2026 - 12:45 nvd
UNKNOWN (no severity yet)
CVE Published
May 31, 2026 - 12:45 nvd
HIGH 7.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 10 pypi packages depend on apache-airflow (1 direct, 9 indirect)

Ecosystem-wide dependent count for version 3.2.0.

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

API authorization bypass in Apache Airflow 3.2.0 through versions before 3.2.2 allows authenticated users with access to one DAG to mutate TaskInstances belonging to other DAGs they should not control, via the bulk TaskInstances PUT/DELETE endpoints. The flaw stems from the bulk handler omitting per-DAG authorization checks, enabling cross-DAG state tampering with high integrity impact (CVSS 7.5, vector AV:N/AC:L/PR:N/UI:N/I:H). No public exploit identified at time of analysis and EPSS probability is low at 0.01%.

Technical ContextAI

Apache Airflow is a Python-based workflow orchestration platform whose REST API exposes bulk TaskInstance update/delete endpoints under the FastAPI core_api service (airflow-core/src/airflow/api_fastapi/core_api/services/public/task_instances.py). The vulnerability is a CWE-639 Authorization Bypass Through User-Controlled Key: the bulk handler iterates entities supplied in the request body and dispatches PUT/DELETE operations without invoking the auth manager's is_authorized_dag() check for each target dag_id. The upstream fix (PR #64288) introduces a dag_authorization_cache and calls get_auth_manager().is_authorized_dag(method=..., access_entity=DagAccessEntity.TASK_INSTANCE, details=DagDetails(id=dag_id, team_name=...)) per DAG, returning HTTP 403 for unauthorized DAGs while still processing authorized ones.

RemediationAI

Upgrade to Apache Airflow 3.2.2 or later, which incorporates the per-DAG authorization check from PR https://github.com/apache/airflow/pull/64288. Until upgrade is possible, restrict access to the bulk TaskInstance API endpoints (PUT/DELETE on /api/v2/...//taskInstances bulk routes) at the reverse-proxy or ingress layer to only trusted operator accounts - note this will break legitimate multi-team automations that rely on bulk operations. As an additional compensating control, audit Airflow API logs for bulk task_instance mutations referencing dag_ids the requesting user does not own, and consider temporarily disabling the simple auth manager in favor of an auth manager that scopes API tokens to specific DAG sets. Consult the Apache advisory at https://lists.apache.org/thread/w0hdcqfr71hf9rl1bwvpjs7q9yp1bldk for vendor-specific guidance.

Share

CVE-2026-41084 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy