Skip to main content

Apache Airflow CVE-2026-42358

| EUVDEUVD-2026-33589 MEDIUM
Information Exposure (CWE-200)
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Source Code Evidence Fetched
Jun 01, 2026 - 17:28 vuln.today
Analysis Generated
Jun 01, 2026 - 17:28 vuln.today
CVSS changed
Jun 01, 2026 - 17:22 NVD
6.5 (MEDIUM)
Patch available
Jun 01, 2026 - 10:01 EUVD
CVE Published
May 31, 2026 - 12:45 nvd
UNKNOWN (no severity yet)
CVE Published
May 31, 2026 - 12:45 nvd
MEDIUM 6.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 8 pypi packages depend on apache-airflow (4 direct, 4 indirect)

Ecosystem-wide dependent count for version 3.2.2.

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

The SecretsMasker component in Apache Airflow prior to 3.2.2 returns cleartext sensitive values when those values are stored under recognized sensitive key names (password, token, secret, api_key) nested deeper than five dict levels in structured payloads. Authenticated low-privilege users can craft dag_run.conf or XCom payloads exceeding this depth threshold, causing secrets to surface in task logs, rendered templates, and API responses. No public exploit code exists and EPSS is 0.02% at the 5th percentile - this is not confirmed actively exploited (not in CISA KEV) - but the CVSS confidentiality impact is rated High given that the bypass can expose real credentials to any user who can review logs.

Technical ContextAI

The root cause (CWE-200: Exposure of Sensitive Information to an Unauthorized Actor) lives in _redact_all() within airflow_shared/secrets_masker/secrets_masker.py (CPE: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*). Prior to the fix, a single depth > max_depth guard (max_depth defaulting to 5) controlled the entire recursive descent, covering both key-name-based redaction and pattern-based string masking. When a dict containing a sensitive key was nested at depth 6 or beyond, the function short-circuited and returned the subtree unchanged rather than evaluating key names. The PR #65912 fix decouples these two behaviors: dict traversal for key-name-based redaction is now unbounded (relying on Python's own recursion limit and a fail-closed <redaction-failed> except clause for self-referential structures), while the depth cap is retained only for the computationally expensive pattern-based string masking pass. Test cases in the PR confirm that password, token, secret, and api_key are correctly masked at depths 5, 6, and 7 post-fix.

RemediationAI

Upgrade to Apache Airflow 3.2.2 or later, which includes the restructured SecretsMasker from PR #65912 (https://github.com/apache/airflow/pull/65912). The patched release ensures key-name-based redaction traverses dict structures at any nesting depth, eliminating the bypass. If immediate upgrade is not feasible, enforce a policy that sensitive credentials stored in dag_run.conf or XCom payloads are placed at a nesting depth of four or fewer levels, keeping them within the existing max_depth guard - note this is a fragile workaround and does not fix the underlying defect. Additionally, restrict task log access and the rendered-template view in the Airflow UI to the minimum set of trusted users, reducing the surface area for credential harvesting. Review existing task logs for any instances of cleartext sensitive key names (password, token, secret, api_key) that may have been exposed prior to patching. The vendor advisory is at https://lists.apache.org/thread/33635mv3zjb75wn5453c5yf9trs8x2om.

Share

CVE-2026-42358 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy