Skip to main content

Apache Airflow EUVDEUVD-2026-33590

| CVE-2026-42360 MEDIUM
Information Exposure (CWE-200)
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

6
Source Code Evidence Fetched
Jun 01, 2026 - 15:23 vuln.today
Analysis Generated
Jun 01, 2026 - 15:23 vuln.today
CVSS changed
Jun 01, 2026 - 15:22 NVD
6.5 (MEDIUM)
Patch available
Jun 01, 2026 - 10:01 EUVD
CVE Published
May 31, 2026 - 12:45 nvd
UNKNOWN (no severity yet)
CVE Published
May 31, 2026 - 12:45 nvd
MEDIUM 6.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 8 pypi packages depend on apache-airflow (4 direct, 4 indirect)

Ecosystem-wide dependent count for version 3.2.2.

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Rendered template field serialization in Apache Airflow before 3.2.2 exposes nested secrets in cleartext when template field values exceed the configured max_templated_field_length threshold. Authenticated low-privilege users with access to rendered template views can read values stored under documented sensitive keys (password, token, secret, api_key) embedded in nested dictionaries - the pre-fix code stringified the structured object before invoking the secrets masker, destroying the nested key context required for recursive redaction. No public exploit is identified at time of analysis; EPSS is 0.02% (5th percentile), and this CVE is not listed in the CISA KEV catalog.

Technical ContextAI

The vulnerability is rooted in the serialization helpers used by two Airflow components: airflow-core/src/airflow/serialization/helpers.py and task-sdk/src/airflow/sdk/execution_time/task_runner.py. Both files implement a serialize_object function that handles rendered template fields. When a template field value - such as a nested dictionary passed via an operator's template_fields (e.g., templates_dict, env_vars) - exceeds the AIRFLOW__CORE__MAX_TEMPLATED_FIELD_LENGTH threshold (default 4096 characters), the truncation code path is triggered. In the vulnerable version, the code called redact(str(serialized), name): the structured Python object was converted to a string first, then passed to the secrets masker. The masker's recursive walker traverses key-value structure to identify sensitive field names, but once the dict is stringified, that structural context is destroyed - the masker sees only the outer field name and cannot recurse into nested keys. The fix, applied in PR #65906, reverses the order to redact(serialized, name), redacting while the value remains a structured object before stringifying the result. CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) correctly classifies this root cause: a code path ordering defect causes the masking mechanism to silently fail for nested structures on the truncation path.

RemediationAI

Upgrade to Apache Airflow 3.2.2 or later, which contains the fix applied via GitHub PR #65906 (https://github.com/apache/airflow/pull/65906) to both airflow-core and task-sdk serialization helpers. The Apache advisory thread is at https://lists.apache.org/thread/obj79bpxnl7r5olz1gsn0g94y88glnl4. Where immediate upgrade is not possible, two compensating controls may reduce exposure: first, lower AIRFLOW__CORE__MAX_TEMPLATED_FIELD_LENGTH to a value smaller than any expected nested template dict in use, which prevents triggering the truncation code path entirely - note this may cause legitimate large template fields to be silently truncated and reduce observability into rendered fields. Second, restrict rendered-template view access via Airflow RBAC to administrators only, limiting the audience who can observe any cleartext leakage - this does not fix the underlying masking failure but reduces who can exploit it. As a defense-in-depth measure independent of patching, avoid embedding raw plaintext secrets directly in DAG template fields; use Airflow Connections or Variables backed by an external secret store (HashiCorp Vault, AWS Secrets Manager) so that sensitive values are retrieved at runtime rather than rendered into template fields.

Share

EUVD-2026-33590 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy