Skip to main content

Apache Airflow EUVDEUVD-2026-33567

| CVE-2026-45192 MEDIUM
Information Exposure (CWE-200)
2026-06-01 apache GHSA-2883-wwh7-x57v
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

5
Source Code Evidence Fetched
Jun 01, 2026 - 13:24 vuln.today
Analysis Generated
Jun 01, 2026 - 13:24 vuln.today
CVSS changed
Jun 01, 2026 - 13:22 NVD
6.5 (MEDIUM)
CVE Published
Jun 01, 2026 - 06:51 nvd
MEDIUM 6.5
CVE Published
Jun 01, 2026 - 06:51 nvd
UNKNOWN (no severity yet)

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 8 pypi packages depend on apache-airflow (4 direct, 4 indirect)

Ecosystem-wide dependent count for version 3.2.2.

DescriptionCVE.org

A bug in the GET /api/v2/connections/{connection_id} REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist (DEFAULT_SENSITIVE_FIELDS) - for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connection extra blobs and grant Connection-read access to multiple users. Users are advised to upgrade to apache-airflow 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection's extra field.

AnalysisAI

{connection_id}) allows any authenticated user holding the Connection-read permission to retrieve plaintext secrets stored in a Connection's extra JSON blob, provided those credential field names - such as slack_webhook_url, bearer, dsn, auth_header, and service_key - were absent from the DEFAULT_SENSITIVE_FIELDS redaction allowlist prior to version 3.2.2. All Airflow deployments before 3.2.2 that store credentials inline in Connection extra fields and grant Connection-read access to more than one user are exposed to lateral credential theft within the platform. No public exploit code or active exploitation has been identified at time of analysis; however, the network-accessible vector and high confidentiality impact make this a meaningful priority in shared or multi-tenant Airflow environments.

Technical ContextAI

Apache Airflow (CPE: cpe:2.3:a:apache_software_foundation:apache_airflow:*:*:*:*:*:*:*:*) uses a secrets masker component located at shared/secrets_masker/src/airflow_shared/secrets_masker/secrets_masker.py to redact sensitive values from API responses before they reach the client. The redaction logic performs case-insensitive substring matching against a hardcoded DEFAULT_SENSITIVE_FIELDS allowlist - if a Connection extra blob contains a credential under a key not present in that list (e.g., webhook_url, bearer, dsn, service_key, auth_header), the value passes through the serializer unmasked. This is a textbook CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) root cause: the access control boundary exists (Connection-read permission is required) but the output sanitization is incomplete, creating an allowlist coverage gap rather than a deny-by-default redaction model. The PR diff confirms the fix is purely additive - six field name patterns were added to DEFAULT_SENSITIVE_FIELDS - which underscores that the redaction logic itself was sound but its coverage was incomplete for real-world provider credential schemas, particularly the official Slack provider.

RemediationAI

The primary fix is to upgrade Apache Airflow to version 3.2.2 or later, which expands DEFAULT_SENSITIVE_FIELDS to include auth_header, bearer, dsn, service_account, service_key, and webhook_url, as confirmed by the merged PR at https://github.com/apache/airflow/pull/66673. Until upgrade is possible, the vendor-recommended defense-in-depth mitigation is to migrate sensitive credential values out of Connection extra blobs and into a dedicated secret backend (e.g., HashiCorp Vault, AWS Secrets Manager, GCP Secret Manager) - this eliminates the attack surface entirely because extra blobs would no longer contain the sensitive values. A secondary operational control is to audit and restrict Connection-read permission grants, ensuring only operationally necessary accounts hold this privilege; however, this reduces the blast radius without eliminating the vulnerability. Note that simply rotating exposed credentials (webhook URLs, bearer tokens, DSNs) is a necessary remediation step for any deployment that may have already been affected - the allowlist gap existed for all prior versions, so credentials stored under affected field names should be treated as potentially compromised.

Share

EUVD-2026-33567 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy