Skip to main content

Apache Airflow CVE-2026-49296

| EUVDEUVD-2026-42027 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-07 apache GHSA-4fh7-7jx4-8f6c
6.5
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
6.5 LOW
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
4.3 MEDIUM

Network API requires authenticated low-privilege user; only confidentiality impact from bounded source code disclosure; no integrity or availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (apache).

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
CVSS changed
Jul 07, 2026 - 14:22 NVD
6.5 (MEDIUM)
Analysis Generated
Jul 07, 2026 - 10:41 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 454 pypi packages depend on apache-airflow (429 direct, 30 indirect)

Ecosystem-wide dependent count for version 3.3.0.

DescriptionCVE.org

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/{dag_id} - and the equivalent Dag-source view in the UI - returned the entire source file without redacting Dags the caller was not authorized to read, bypassing per-DAG read authorization. Deployments that co-locate multiple Dags in a single file and rely on per-DAG access control to limit source visibility are affected; single-Dag-per-file deployments are not. Upgrade to apache-airflow 3.3.0 or later.

AnalysisAI

{dag_id} endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full file contents returned. No public exploit has been identified and the issue is not listed in CISA KEV, but it directly undermines per-DAG access control in multi-tenant or team-partitioned Airflow deployments.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privilege Airflow account
Delivery
Identify a DAG ID accessible to the account
Exploit
Call GET /api/v2/dagSources/{dag_id} via API or UI
Execution
Receive full Python source file
Impact
Extract source of co-located unauthorized DAGs

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Airflow user account with read access to at least one DAG. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS vector was published by NVD or the vendor; all metric assessments are independently inferred. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Airflow user with read permission on DAG 'team_a_etl' - which shares a Python source file with 'team_b_pipeline' - calls `GET /api/v2/dagSources/team_a_etl`. The API returns the complete source file, exposing 'team_b_pipeline's implementation logic, any hardcoded parameters, and potentially sensitive operational details such as connection strings or business logic that Team B intended to keep confidential. …
Remediation Upgrade to Apache Airflow 3.3.0 or later, which resolves the issue via the fix introduced in https://github.com/apache/airflow/pull/67662. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33264 CRITICAL
9.8 Jul 07

Remote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll

CVE-2026-30898 HIGH
8.8 Apr 18

Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate priv

CVE-2025-54550 HIGH
8.1 Apr 15

The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xco

CVE-2026-30911 HIGH
8.1 Mar 17

CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera

CVE-2026-31987 HIGH
7.5 Apr 16

Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI

CVE-2026-28779 HIGH
7.5 Mar 17

CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High

CVE-2026-32228 HIGH
7.5 Apr 18

Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acycli

CVE-2026-49487 MEDIUM
6.5 Jul 07

Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when t

CVE-2026-48828 MEDIUM
6.5 Jul 07

Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read

CVE-2026-48892 MEDIUM
6.5 Jul 07

Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permissi

CVE-2026-26929 MEDIUM
6.5 Mar 17

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce

CVE-2026-48891 MEDIUM
4.3 Jul 07

Incomplete authorization filtering in Apache Airflow's `/ui/dependencies` scheduling graph endpoint exposes restricted D

Share

CVE-2026-49296 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy