Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Network-accessible API requires authenticated low-privilege account with Config read permission; confidentiality impact is high due to plaintext credential exposure; no integrity or availability impact.
Primary rating from Vendor (apache).
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 454 pypi packages depend on apache-airflow (429 direct, 30 indirect)
Ecosystem-wide dependent count for version 3.3.0.
DescriptionCVE.org
The Config API in Apache Airflow surfaced per-key secrets-backend overrides (environment variables like AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID and AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID) as synthetic config options whose option names were not in sensitive_config_values, so the masker did not redact them. An authenticated UI/API user with Config read permission could retrieve plaintext secrets-backend credentials (Vault role_id / secret_id, etc.) from the Config API output. Affects deployments that configure secrets backends via per-key environment overrides. Users are advised to upgrade to apache-airflow 3.3.0 or later.
AnalysisAI
Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permission, because per-key environment variable overrides (e.g., AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID) generate synthetic config entries whose names are absent from the sensitive_config_values masking list. Affected deployments are those that configure secrets backends such as HashiCorp Vault via these per-key environment variable patterns, exposing credentials like Vault role_id and secret_id through normal API responses. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: (1) the attacker holds a valid Airflow account with the Config read permission granted - unauthenticated or unprivileged users cannot trigger this path; (2) the target deployment configures its secrets backend using per-key environment variable overrides in the AIRFLOW__SECRETS__BACKEND_KWARG__* or AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__* namespace - deployments using only the top-level AIRFLOW__SECRETS__BACKEND or inline kwarg configuration are not exposed; and (3) those environment variables contain actual credentials (e.g., Vault role_id, secret_id). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS vector was provided by NVD or the vendor advisory, so all metric judgments below are independently inferred from the description. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has obtained or holds a low-privileged Airflow account with Config read permission issues a GET request to the Airflow Config API endpoint. Because the per-key secrets-backend override option names are absent from the masker's allowlist, the API response includes the plaintext Vault role_id and secret_id. … |
| Remediation | The primary fix is to upgrade to apache-airflow 3.3.0 or later, which corrects the masking omission so that per-key BACKEND_KWARG environment variable names are included in sensitive_config_values and redacted in Config API output. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Apache Airflow
View allRemote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll
Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate priv
The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xco
CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera
Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI
CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High
Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acycli
{dag_id}` endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full fil
Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when t
Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read
CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce
Incomplete authorization filtering in Apache Airflow's `/ui/dependencies` scheduling graph endpoint exposes restricted D
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42024
GHSA-9933-5rrp-mfwx