GHSA-2r5m-76wx-56gx
Severity by source
Primary rating from NVD (the only source for this CVE).
CVSS vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Blast Radius
Ecosystem impact: 446 PyPI packages depend on apache-airflow (422 direct, 29 indirect). Ecosystem-wide dependent count for version 3.2.2.
Description (pre-NVD, AI analysis)
Arbitrary Python module import in Apache Airflow versions prior to 3.2.2 occurs when the scheduler deserializes custom DeadlineReference objects, because the prior implementation called import_string() directly on an attacker-controllable __class_path field. Rated CVSS 7.3 with low confidentiality/integrity/availability impact, this issue has no public exploit identified at time of analysis and EPSS estimates exploitation probability at 0.02% (6th percentile).
Attack Chain (AI-derived): hypothetical attack flow derived from CVE metadata (visualization not reproduced here).
Vulnerability Assessment (AI)
| Aspect | Assessment |
|---|---|
| Exploitation | Exploitation requires the attacker to control the __class_path value inside a serialized custom DeadlineReference payload that the Airflow scheduler will deserialize. In practice this means the ability to author or modify a DAG that uses a custom DeadlineReference subclass, or to write into the Airflow metadata database holding serialized DAGs/deadlines. … |
| Risk Assessment | Signals here are mixed and lean toward a moderate, not urgent, priority. … |
| Exploit Scenario | An attacker with the ability to publish or modify a DAG (for example, a tenant with DAG-author privileges in a shared Airflow deployment) crafts a serialized DeadlineReference whose __class_path points to an arbitrary Python module. When the scheduler deserializes the DAG, it imports the referenced module, executing its top-level code and producing limited integrity, confidentiality, or availability effects depending on the chosen module. … |
| Remediation | Upgrade Apache Airflow to version 3.2.2 or later, which replaces the unrestricted import_string() call in deadline deserialization with a plugin-registry lookup (see PR https://github.com/apache/airflow/pull/66737 and the Apache announcement at https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83). … |
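The assessment above hinges on one pattern: a serialized class path is handed to an import_string()-style helper, so the import (and the imported module's top-level code) runs before anything checks what the path resolves to. The Python below is an added illustration, not Apache Airflow's code and not the patch from the PR cited above. It contrasts that unrestricted pattern with a registry lookup of the same general shape as the remediation described (the class path becomes a key into a fixed set of registered classes). All names in it (import_string as a stand-in helper, DeadlineReference, FixedDatetimeReference, REFERENCE_REGISTRY, make_probe_module, outcome) and the probe module it writes are constructed for this example.

```python
"""Added example (not Apache Airflow's code): deserializing a class path
taken from untrusted data with an import_string()-style helper, beside a
registry lookup that only resolves classes registered ahead of time.

Every name below (import_string, DeadlineReference, FixedDatetimeReference,
REFERENCE_REGISTRY, make_probe_module, outcome) is an assumption chosen for
this illustration; it mirrors the pattern the advisory describes rather
than the actual Airflow implementation or the fix in the cited PR.
"""
import importlib
import os
import sys
import tempfile
from typing import Any, Callable, Dict, Tuple, Type


def import_string(dotted_path: str) -> Any:
    """Stand-in for an import_string()-style helper: import the module before
    the last dot and return the attribute after it. Importing a module runs
    its top-level code, so that side effect happens before any check on what
    the attribute turns out to be."""
    module_path, _, attr_name = dotted_path.rpartition(".")
    if not module_path:
        raise ImportError(f"{dotted_path!r} is not a dotted module path")
    module = importlib.import_module(module_path)
    return getattr(module, attr_name)


class DeadlineReference:
    """Constructed base class standing in for a serializable reference type."""

    def serialize(self) -> Dict[str, Any]:
        cls = type(self)
        return {"__class_path": f"{cls.__module__}.{cls.__qualname__}"}

    @classmethod
    def deserialize(cls, data: Dict[str, Any]) -> "DeadlineReference":
        return cls()


class FixedDatetimeReference(DeadlineReference):
    """Constructed subclass that a deployment legitimately ships and registers."""


def deserialize_unrestricted(data: Dict[str, Any]) -> DeadlineReference:
    """Vulnerable pattern: the serialized __class_path is imported verbatim.
    The import (and the module's top-level code) happens even if the result
    is not a DeadlineReference and deserialization later fails."""
    target = import_string(data["__class_path"])
    return target.deserialize(data)


REFERENCE_REGISTRY: Dict[str, Type[DeadlineReference]] = {}


def register_reference(cls: Type[DeadlineReference]) -> Type[DeadlineReference]:
    """Register a class under its dotted path; only registered paths resolve."""
    REFERENCE_REGISTRY[f"{cls.__module__}.{cls.__qualname__}"] = cls
    return cls


register_reference(FixedDatetimeReference)


def deserialize_registered(data: Dict[str, Any]) -> DeadlineReference:
    """Hardened pattern: the class path is only a key into a fixed registry,
    so untrusted data can choose among known classes but cannot trigger an
    import of anything else."""
    path = data.get("__class_path")
    cls = REFERENCE_REGISTRY.get(path)
    if cls is None:
        raise ValueError(f"unknown DeadlineReference class path: {path!r}")
    return cls.deserialize(data)


def make_probe_module(name: str) -> str:
    """Constructed fixture: write a throwaway module whose top-level code runs
    on import, and make it importable. Its presence in sys.modules afterwards
    tells us whether a deserializer imported it."""
    directory = tempfile.mkdtemp()
    with open(os.path.join(directory, name + ".py"), "w", encoding="utf-8") as fh:
        fh.write("IMPORTED = True  # top-level code: runs the moment the module is imported\n")
    sys.path.insert(0, directory)
    importlib.invalidate_caches()
    return name


def outcome(loader: Callable[[Dict[str, Any]], Any], data: Dict[str, Any],
            probe: str) -> Tuple[bool, str, bool]:
    """Run a deserializer and report (succeeded, exception name, probe imported)."""
    try:
        loader(data)
        succeeded, error = True, ""
    except Exception as exc:  # classify any failure rather than letting it escape
        succeeded, error = False, type(exc).__name__
    return succeeded, error, probe in sys.modules


if __name__ == "__main__":
    untrusted = make_probe_module("constructed_probe_a")
    print(outcome(deserialize_unrestricted, {"__class_path": untrusted + ".Nope"}, untrusted))
    untrusted = make_probe_module("constructed_probe_b")
    print(outcome(deserialize_registered, {"__class_path": untrusted + ".Nope"}, untrusted))
    print(type(deserialize_registered(FixedDatetimeReference().serialize())).__name__)
```

The third value in each tuple is the operational point. With the unrestricted loader the probe module is already in sys.modules even though deserialization ended in an AttributeError, so a failed deserialization in scheduler logs is not evidence that nothing ran. With the registry lookup an unknown path is rejected before any import, which yields a clean ValueError to alert on and leaves the registered round trip (serialize then deserialize of FixedDatetimeReference) working unchanged.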
Recommended Action (AI)
Within 24 hours: Identify and document all Apache Airflow instances and current versions in use. …
EUVD-2026-33587