Skip to main content

Apache Airflow EUVDEUVD-2026-23660

| CVE-2026-30898 HIGH
Command Injection (CWE-77)
2026-04-18 apache GHSA-6337-2587-f2jq
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

8
Analysis Updated
Apr 21, 2026 - 14:58 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 20, 2026 - 19:07 vuln.today
cvss_changed
Analysis Generated
Apr 20, 2026 - 16:23 vuln.today
CVSS changed
Apr 20, 2026 - 16:22 NVD
8.8 (HIGH)
EUVD ID Assigned
Apr 18, 2026 - 07:00 euvd
EUVD-2026-23660
Analysis Generated
Apr 18, 2026 - 07:00 vuln.today
Patch released
Apr 18, 2026 - 07:00 nvd
Patch available
CVE Published
Apr 18, 2026 - 06:20 nvd
HIGH 8.8

DescriptionCVE.org

An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advice.

AnalysisAI

Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate privileges from UI user to worker-level code execution. Affects all Airflow versions before 3.2.0. The vulnerability stems from documentation suggesting unsafe handling of dag_run.conf parameters, which organizations may have replicated in production DAGs. EPSS score of 0.03% indicates low observed exploitation probability, though the upstream fix (PR #64129) demonstrates vendor acknowledgment and remediation.

Technical ContextAI

Apache Airflow is a platform for programmatically authoring, scheduling, and monitoring workflows as directed acyclic graphs (DAGs). The BashOperator component executes bash commands as part of workflow tasks. The vulnerability (CWE-77: Improper Neutralization of Special Elements used in a Command) arose from documentation demonstrating unsafe templating of dag_run.conf user inputs directly into BashOperator commands without sanitization. When dag_run.conf parameters - which authenticated UI users can control through the Airflow interface - are passed to bash execution contexts, attackers can inject shell metacharacters to execute arbitrary commands with the privileges of the Airflow worker process. This represents a privilege escalation from UI-level authenticated access to worker-level code execution, potentially compromising the entire workflow orchestration environment.

RemediationAI

Upgrade to Apache Airflow 3.2.0 or later, which includes corrected documentation and secure BashOperator examples per GitHub PR #64129 (https://github.com/apache/airflow/pull/64129). Review official security advisory at https://lists.apache.org/thread/26zmhfj1t95c1hld2r14ho81nzh1bdc8 for vendor guidance. CRITICAL INTERIM STEP: Audit all custom DAG implementations for unsafe dag_run.conf parameter handling in BashOperator commands. Search DAG code for patterns like BashOperator(bash_command=f'command {dag_run.conf}') or similar templating that concatenates user-controlled conf values into shell commands without validation. Compensating controls prior to upgrade: implement input validation/sanitization for all dag_run.conf parameters before use in BashOperator contexts using allowlists for permitted characters (reject shell metacharacters: semicolons, pipes, backticks, dollar signs, ampersands); alternatively, refactor vulnerable DAGs to use PythonOperator with subprocess.run() and shell=False, which prevents shell injection by avoiding shell interpretation entirely (trade-off: requires code refactoring versus quick validation fixes). Restrict DAG authoring permissions to prevent introduction of new vulnerable patterns during remediation period (trade-off: may impact development velocity). These mitigations reduce attack surface but code review and upgrading remain definitive solutions.

CVE-2026-33264 CRITICAL
9.8 Jul 07

Remote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll

CVE-2025-54550 HIGH
8.1 Apr 15

The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xco

CVE-2026-30911 HIGH
8.1 Mar 17

CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera

CVE-2026-31987 HIGH
7.5 Apr 16

Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI

CVE-2026-28779 HIGH
7.5 Mar 17

CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High

CVE-2026-32228 HIGH
7.5 Apr 18

Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acycli

CVE-2026-49296 MEDIUM
6.5 Jul 07

{dag_id}` endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full fil

CVE-2026-49487 MEDIUM
6.5 Jul 07

Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when t

CVE-2026-48828 MEDIUM
6.5 Jul 07

Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read

CVE-2026-48892 MEDIUM
6.5 Jul 07

Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permissi

CVE-2026-26929 MEDIUM
6.5 Mar 17

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce

CVE-2026-48891 MEDIUM
4.3 Jul 07

Incomplete authorization filtering in Apache Airflow's `/ui/dependencies` scheduling graph endpoint exposes restricted D

Share

EUVD-2026-23660 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy