Skip to main content

Apache Airflow EUVDEUVD-2026-42025

| CVE-2026-48891 MEDIUM
Information Exposure (CWE-200)
2026-07-07 apache GHSA-3322-mjxh-9mp5
4.3
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
4.3 LOW
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
vuln.today AI
4.3 MEDIUM

Network-accessible endpoint requires authenticated partial DAG read access (PR:L); impact is confined to DAG identifier disclosure only (C:L), with no integrity or availability effect.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (apache).

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
CVSS changed
Jul 07, 2026 - 14:22 NVD
4.3 (MEDIUM)
Analysis Generated
Jul 07, 2026 - 10:40 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 454 pypi packages depend on apache-airflow (429 direct, 30 indirect)

Ecosystem-wide dependent count for version 3.3.0.

DescriptionCVE.org

A bug in Apache Airflow's /ui/dependencies scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the dep.source and dep.target fields of trigger / sensor dependency entries. An authenticated UI user with read permission on some Dags could enumerate the identifiers of other Dags they were not authorized to read by inspecting the dependency graph for trigger / sensor references. Affects deployments that rely on per-Dag read scoping to keep Dag identifiers private across teams. This is a residual gap in the fix for CVE-2026-28563, which filtered the top-level Dag key but did not propagate the filter into the trigger / sensor dep-source / dep-target fields. Users who already upgraded for CVE-2026-28563 should additionally upgrade to apache-airflow 3.3.0 or later to cover the residual trigger / sensor dependency leak.

AnalysisAI

Incomplete authorization filtering in Apache Airflow's /ui/dependencies scheduling graph endpoint exposes restricted DAG identifiers to authenticated users who lack read permission on those DAGs. The endpoint correctly filters top-level serialized DAG keys against the caller's ACL but leaks referenced DAG IDs through dep.source and dep.target fields of trigger and sensor dependency entries, enabling cross-team DAG enumeration in multi-tenant deployments. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Airflow UI with partial DAG read access
Delivery
Request /ui/dependencies scheduling graph endpoint
Exploit
Parse dep.source and dep.target fields in JSON response
Execution
Enumerate restricted DAG identifiers across team boundaries
Impact
Use discovered DAG names for targeted reconnaissance or access escalation requests

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated Airflow UI session with read permission on at least one DAG - unauthenticated access is not sufficient. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS vector or EPSS score is provided in the available intelligence, which limits quantitative risk comparison. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Airflow UI user with read access to a subset of DAGs in a multi-team deployment sends a request to the `/ui/dependencies` endpoint using standard browser developer tools or an HTTP client. By parsing the JSON response, the attacker reads `dep.source` and `dep.target` field values in trigger and sensor dependency objects, extracting DAG identifiers outside their authorized scope. …
Remediation Upgrade to apache-airflow 3.3.0 or later, which extends the CVE-2026-28563 filter to cover `dep.source` and `dep.target` fields in trigger and sensor dependency entries. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33264 CRITICAL
9.8 Jul 07

Remote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll

CVE-2026-30898 HIGH
8.8 Apr 18

Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate priv

CVE-2025-54550 HIGH
8.1 Apr 15

The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xco

CVE-2026-30911 HIGH
8.1 Mar 17

CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera

CVE-2026-31987 HIGH
7.5 Apr 16

Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI

CVE-2026-28779 HIGH
7.5 Mar 17

CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High

CVE-2026-32228 HIGH
7.5 Apr 18

Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acycli

CVE-2026-49296 MEDIUM
6.5 Jul 07

{dag_id}` endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full fil

CVE-2026-49487 MEDIUM
6.5 Jul 07

Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when t

CVE-2026-48828 MEDIUM
6.5 Jul 07

Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read

CVE-2026-48892 MEDIUM
6.5 Jul 07

Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permissi

CVE-2026-26929 MEDIUM
6.5 Mar 17

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce

Share

EUVD-2026-42025 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy