EUVD-2026-23233

CVE-2026-31987 (HIGH)
Published: 2026-04-16
Vendor: apache
Advisory: GHSA-phv5-vq5p-qhp7
CVSS 3.1 base score: 7.5

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Analysis Generated: Apr 18, 2026 - 04:22 (vuln.today)
CVSS Changed: Apr 18, 2026 - 04:22 (NVD), 7.5 (HIGH)

Blast Radius

Ecosystem impact
  • 3 pypi packages depend on apache-airflow (1 direct, 2 indirect)

Ecosystem-wide dependent count for version 3.0.0.

Description (NVD)

JWT tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to an Airflow version that contains the fix.

Users are recommended to upgrade to version 3.2.0, which fixes this issue.

Analysis (AI)

Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI user with log access to escalate privileges and impersonate DAG Authors. CVSS rates this 7.5 HIGH for confidentiality impact, though the EPSS score of 0.02% (5th percentile) suggests minimal observed exploitation attempts. …


Remediation (AI)

Within 24 hours: Inventory all Apache Airflow deployments and identify instances running versions 3.0.0-3.1.x; restrict log file access to essential administrators only. Within 7 days: Apply vendor-released patch to upgrade to Apache Airflow 3.2.0 or later on all affected systems. …
