Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
8Blast Radius
ecosystem impact- 4 pypi packages depend on apache-airflow-core (2 direct, 2 indirect)
Ecosystem-wide dependent count for version 3.0.0.
DescriptionCVE.org
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.
AnalysisAI
Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acyclic Graph) execution via the UI or API, bypassing asset materialize permission checks. Despite CVSS 7.5 HIGH, the CVSS vector (PR:N) contradicts the description's requirement for 'UI/API user with asset materialize permission', suggesting authentication IS required-a critical discrepancy that demands verification. EPSS of 0.01% (3rd percentile) indicates minimal observed exploitation activity. Vendor-released patch available in Airflow 3.2.0 per Apache advisory.
Technical ContextAI
Apache Airflow is a workflow orchestration platform where DAGs define task dependencies and execution schedules. This vulnerability stems from CWE-863 (Incorrect Authorization), specifically in the asset materialization feature introduced in Airflow 3.0.x. The flaw occurs when users holding 'asset materialize' permissions interact with the UI or REST API-the authorization check incorrectly validates the materialize permission but fails to verify DAG-level execution permissions. This broken access control allows authenticated users to trigger execution of DAGs outside their assigned scope. The affected component is the asset materialization workflow handler, likely in the API endpoint or UI controller responsible for processing materialization requests. CPE identifies the vulnerability in apache_software_foundation:apache_airflow across the 3.0.x branch.
RemediationAI
Upgrade Apache Airflow to version 3.2.0 or later, which contains the authorization check fix per Apache Security Team advisory (https://lists.apache.org/thread/s7c75txgt4qf2rofcn43szfwgcrzy0nj). The fix is implemented in GitHub pull request #63338 (https://github.com/apache/airflow/pull/63338). For environments unable to immediately upgrade, implement compensating controls: restrict access to the Airflow UI and API endpoints to only fully trusted users by enforcing network segmentation (e.g., limit access to internal VPN or bastion hosts); disable the asset materialization feature entirely if not business-critical by removing asset materialize permissions from all user roles and blocking related API endpoints at the reverse proxy layer (note: this eliminates the feature's functionality); audit existing DAG execution logs for unauthorized triggers by correlating user permissions with executed DAG IDs over the past 90 days to identify potential prior exploitation. These workarounds reduce attack surface but do not eliminate the underlying authorization flaw-upgrade remains the definitive remediation.
More in Apache Airflow
View allRemote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll
Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate priv
The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xco
CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera
Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI
CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High
{dag_id}` endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full fil
Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when t
Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read
Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permissi
CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce
Incomplete authorization filtering in Apache Airflow's `/ui/dependencies` scheduling graph endpoint exposes restricted D
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-23664
GHSA-h97w-pm3w-mwmc