Skip to main content

Apache Airflow CVE-2026-59245

HIGH
Improper Privilege Management (CWE-269)
2026-07-13 apache
8.1
CVSS 3.1 · NVD
Share

Severity by source

Vendor (apache) PRIMARY
MEDIUM
qualitative
NVD
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
vuln.today AI
6.8 MEDIUM

Web/API reachable (AV:N) by an authenticated low-priv user (PR:L), but requires a DAG named 'DAGs' plus an admin-issued grant outside attacker control (AC:H); read/edit of all DAGs gives C:H/I:H, no availability impact (A:N).

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (apache).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

7
Analysis Updated
Jul 14, 2026 - 01:28 vuln.today
v3 (cvss_changed)
Source Code Evidence Fetched
Jul 14, 2026 - 01:28 vuln.today
Analysis Updated
Jul 14, 2026 - 01:28 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 14, 2026 - 01:22 vuln.today
cvss_changed
CVSS changed
Jul 14, 2026 - 01:22 NVD
8.1 (HIGH)
Analysis Generated
Jul 13, 2026 - 15:46 vuln.today
CVE Published
Jul 13, 2026 - 15:05 cve.org
MEDIUM

DescriptionNVD

In the Apache Airflow FAB auth manager, a DAG whose dag_id is DAGs collided with the global all-DAGs permission resource name produced by resource_name(), so a user granted per-DAG access_control on that one DAG was silently granted the global all-DAGs permission (privilege escalation). The escalation triggers when a DAG named DAGs exists and a lower-privileged user is given per-DAG access to it, granting that user read/edit access to every DAG. Users are advised to upgrade to apache-airflow-providers-fab 3.7.2 or later, which disambiguates the resource-name collision.

AnalysisAI

Privilege escalation in the Apache Airflow FAB auth manager (apache-airflow-providers-fab before 3.7.2) lets a low-privileged user who is granted per-DAG access to a DAG literally named 'DAGs' silently receive the global all-DAGs permission, gaining read and edit access to every DAG in the deployment. The flaw stems from a resource-name collision in resource_name(), where the reserved global resource string 'DAGs' is indistinguishable from a legitimate dag_id of the same value. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged Airflow user
Delivery
Obtain per-DAG grant on DAG named 'DAGs'
Exploit
resource_name() collides with global all-DAGs resource
Execution
Silently receive global all-DAGs permission
Impact
Read and edit every DAG in deployment

Vulnerability AssessmentAI

Exploitation Exploitation requires two concrete, non-default conditions: (1) a DAG must exist whose dag_id is exactly the string 'DAGs' (the same value as the reserved global all-DAGs resource name RESOURCE_DAG), and (2) an administrator must grant a lower-privileged FAB user per-DAG access_control on that specific 'DAGs' DAG. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 3.1 score is 8.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N), reflecting network-reachable, low-privilege authenticated abuse with high confidentiality and integrity impact but no availability impact. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario In an Airflow deployment using the FAB auth manager, an administrator creates or already has a DAG whose dag_id is 'DAGs' and grants a low-privileged analyst per-DAG access to it via access_control. Because the vulnerable resource_name() maps 'DAGs' to the global all-DAGs permission resource, the analyst silently gains read and edit rights over every DAG in the environment, allowing them to view sensitive workflow definitions and modify pipelines they were never meant to touch. …
Remediation Vendor-released patch: upgrade apache-airflow-providers-fab to 3.7.2 or later, which disambiguates the resource-name collision so a DAG named 'DAGs' resolves to its own 'DAG:DAGs' resource; this is the primary and recommended fix (see PR https://github.com/apache/airflow/pull/69106 and advisory https://lists.apache.org/thread/70f37q3mwov1vm3zolrfxlzds278c78h). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, audit access logs to identify any low-privileged users who have accessed or attempted to access a workflow literally named 'DAGs', and review their current permission scope. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-59245 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy