Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible endpoint requires authenticated partial DAG read access (PR:L); impact is confined to DAG identifier disclosure only (C:L), with no integrity or availability effect.
Primary rating from Vendor (apache).
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
2Blast Radius
ecosystem impact- 454 pypi packages depend on apache-airflow (429 direct, 30 indirect)
Ecosystem-wide dependent count for version 3.3.0.
DescriptionCVE.org
A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with read permission on some Dags could enumerate the identifiers of other Dags they were not authorized to read by inspecting the dependency graph for trigger / sensor references. Affects deployments that rely on per-Dag read scoping to keep Dag identifiers private across teams. This is a residual gap in the fix for CVE-2026-28563, which filtered the top-level Dag key but did not propagate the filter into the trigger / sensor dep-source / dep-target fields. Users who already upgraded for CVE-2026-28563 should additionally upgrade to apache-airflow 3.3.0 or later to cover the residual trigger / sensor dependency leak.
AnalysisAI
Incomplete authorization filtering in Apache Airflow's /ui/dependencies scheduling graph endpoint exposes restricted DAG identifiers to authenticated users who lack read permission on those DAGs. The endpoint correctly filters top-level serialized DAG keys against the caller's ACL but leaks referenced DAG IDs through dep.source and dep.target fields of trigger and sensor dependency entries, enabling cross-team DAG enumeration in multi-tenant deployments. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires an authenticated Airflow UI session with read permission on at least one DAG - unauthenticated access is not sufficient. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | No CVSS vector or EPSS score is provided in the available intelligence, which limits quantitative risk comparison. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated Airflow UI user with read access to a subset of DAGs in a multi-team deployment sends a request to the `/ui/dependencies` endpoint using standard browser developer tools or an HTTP client. By parsing the JSON response, the attacker reads `dep.source` and `dep.target` field values in trigger and sensor dependency objects, extracting DAG identifiers outside their authorized scope. … |
| Remediation | Upgrade to apache-airflow 3.3.0 or later, which extends the CVE-2026-28563 filter to cover `dep.source` and `dep.target` fields in trigger and sensor dependency entries. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Apache Airflow
View allRemote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll
Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate priv
The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xco
CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera
Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI
CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High
Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acycli
{dag_id}` endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full fil
Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when t
Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read
Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permissi
CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42025
GHSA-3322-mjxh-9mp5