GHSA-x5wm-j6wh-2834
Severity by source
AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD): CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Blast Radius: 6
Ecosystem impact: 3 PyPI packages depend on apache-airflow (1 direct, 2 indirect). Ecosystem-wide dependent count for version 3.0.0.
Description (pre-NVD)
Analysis (AI)
{/, l, o, g} - rather than a literal prefix strip, causing the filename derived from the URL to diverge from the file actually served. No public exploit has been identified at time of analysis, and this vulnerability is not listed in CISA KEV.
Vulnerability Assessment (AI)

| Section | Assessment |
|---|---|
| Exploitation | Exploitation requires: (1) a valid Airflow user account with at least low-privilege access (PR:L per CVSS vector; unauthenticated exploitation is not possible); (2) the target log filename must begin with one or more characters from the set {/, l, o, g} so that `lstrip("/log/")` produces a shorter string that diverges from the file actually served. This is a structural constraint of the attack, not a rare edge case, since Airflow log filenames commonly begin with DAG-name or task-name prefixes that may include these characters; (3) the attacker must know or enumerate the exact filename of the target log file in another DAG; (4) the Airflow log server component must be deployed and reachable (it may run on a separate internal port). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | CVSS 3.1 scores this at 3.1 (Low) with vector AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated Airflow user holding a valid JWT for their own DAG's log file crafts a GET request to `/log/log_<target_task_run>.log` while presenting a JWT with `filename: "_<target_task_run>.log"`, the filename that results from the lstrip character stripping of the target path. The log server's `validate_jwt_token` method strips leading characters in the set {/, l, o, g} from the request path, producing `"_<target_task_run>.log"`, which matches the JWT claim, so authorization passes; however, StaticFiles serves the full `log_<target_task_run>.log` file from a DAG the attacker does not have permission to view. … |
| Remediation | Upgrade to Apache Airflow 3.2.2 or later, which replaces the vulnerable `lstrip("/log/")` call with `removeprefix("/log/")` in the `validate_jwt_token` method, tracked in GitHub PR #66749 (https://github.com/apache/airflow/pull/66749). … Detailed patch versions, workarounds, and compensating controls in full report. |
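The root cause in the assessment above is a Python semantics issue: `str.lstrip` takes a set of characters, not a prefix string. The following added example (not Apache Airflow's code; `derive_filename_vulnerable`, `derive_filename_fixed`, `authorize_fixed`, `audit_paths` and the sample paths are all assumed names and constructed data) reconstructs the two ways of deriving the filename from the request path, shows on constructed log paths where they diverge, and gives a hardened comparison that uses literal-prefix removal as the fix does. The `audit_paths` helper is the kind of quick check a defender can run over a real list of log filenames to see which ones the pre-fix check would have mis-derived.

```python
# Added example: why str.lstrip("/log/") is the wrong primitive for prefix
# removal, beside the removeprefix-based derivation the fix uses.
# Simplified stand-alone reconstruction for illustration only; this is not
# Apache Airflow's code, and all names below are assumed.

from dataclasses import dataclass

LOG_PREFIX = "/log/"


def derive_filename_vulnerable(request_path: str) -> str:
    """Filename as the pre-fix check derives it.

    str.lstrip treats its argument as a SET of characters to strip from the
    left, so any leading run of '/', 'l', 'o', 'g' is removed, not just the
    literal "/log/" prefix.
    """
    return request_path.lstrip(LOG_PREFIX)


def derive_filename_fixed(request_path: str) -> str:
    """Filename as the fixed check derives it: only the literal prefix goes."""
    return request_path.removeprefix(LOG_PREFIX)  # Python 3.9+


@dataclass
class CheckResult:
    vulnerable_name: str
    fixed_name: str
    diverges: bool  # True when lstrip and removeprefix disagree


def compare(request_path: str) -> CheckResult:
    """Derive the filename both ways and flag a mismatch."""
    v = derive_filename_vulnerable(request_path)
    f = derive_filename_fixed(request_path)
    return CheckResult(v, f, v != f)


def authorize_fixed(request_path: str, token_filename: str) -> bool:
    """Hardened comparison: the token's filename claim must equal the file
    that will actually be served (literal-prefix removal), so the name the
    check sees and the name the file server uses cannot diverge."""
    return derive_filename_fixed(request_path) == token_filename


def audit_paths(paths):
    """Return the request paths whose lstrip-derived name diverges from the
    file that would be served; a quick regression check over real log names."""
    return [p for p in paths if compare(p).diverges]


# Constructed sample request paths (not from any real deployment).
SAMPLE_PATHS = [
    "/log/dag_a/task_1/attempt=1.log",  # next char 'd': no divergence
    "/log/log_run_42.log",              # 'l','o','g' stripped: diverges
    "/log/goal_tracker/run.log",        # 'g','o' stripped: diverges
    "/log/orders/run.log",              # 'o' stripped: diverges
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        r = compare(p)
        print(f"{p!r}: lstrip -> {r.vulnerable_name!r}, "
              f"removeprefix -> {r.fixed_name!r}, diverges={r.diverges}")
```

Running it prints one line per sample path; three of the four constructed paths diverge, which matches the assessment's point that any log name beginning with a DAG or task prefix containing those characters is affected, not only names starting with a literal `log_`.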
EUVD-2026-33585