Skip to main content

Apache Airflow EUVDEUVD-2026-42029

| CVE-2026-49487 MEDIUM
Information Exposure (CWE-200)
2026-07-07 apache GHSA-22hf-vx2v-gjff
6.5
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
6.5 MEDIUM

Network-accessible REST API, low complexity; PR:L because any authenticated user with DAG read access is sufficient; no integrity or availability impact, only secret disclosure.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (apache).

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

2
CVSS changed
Jul 07, 2026 - 14:22 NVD
6.5 (MEDIUM)
Analysis Generated
Jul 07, 2026 - 10:43 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 454 pypi packages depend on apache-airflow (429 direct, 30 indirect)

Ecosystem-wide dependent count for version 3.3.0.

DescriptionCVE.org

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret (for example a provider API key) into its trigger, any authenticated user with DAG-scoped task-instance read access for that DAG could read that secret in clear text while the task was deferred. Users should upgrade to apache-airflow 3.3.0 or later, which masks sensitive values in trigger kwargs returned by the API.

AnalysisAI

Apache Airflow REST API exposes provider secrets in plaintext through the task-instance detail and list endpoints when tasks are in a deferred state. Any authenticated user holding DAG-scoped task-instance read access - a permission commonly granted to non-admin roles - can retrieve API keys, passwords, or other secrets passed by deferred operators into trigger kwargs. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Airflow REST API
Delivery
Enumerate DAGs with deferred tasks via task-instance list endpoint
Exploit
Identify operators likely to carry secrets in trigger kwargs
Execution
Query task-instance detail endpoint during deferred window
Persist
Extract plaintext provider API key or password from trigger kwargs
Impact
Use harvested credential for lateral movement to connected cloud service

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) valid Airflow authentication credentials for any user account, (2) DAG-scoped task-instance read permission (a standard, non-admin RBAC role in Airflow) for the targeted DAG, (3) the target DAG must use a deferrable operator that passes a secret value - such as a provider API key or password - into the trigger kwargs rather than retrieving it at runtime, and (4) the task must be in a deferred state at the time of the API query. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No official CVSS vector was published at time of analysis, but the vulnerability characteristics point to a meaningful real-world risk in multi-tenant or shared Airflow deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A data analyst with legitimate DAG-scoped read access calls the Airflow REST API task-instance list endpoint while a Snowflake or AWS deferred operator is in a deferred state and then reads the unmasked trigger kwargs from the JSON response, recovering a cloud provider API key or database password in plaintext. No tooling beyond a standard HTTP client (curl, Postman) is required. …
Remediation Upgrade to Apache Airflow 3.3.0 or later, which applies secrets masking to trigger kwargs in all task-instance REST API responses. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-33264 CRITICAL
9.8 Jul 07

Remote code execution in Apache Airflow before 3.3.0 lets a DAG author embed a malicious trigger whose attacker-controll

CVE-2026-30898 HIGH
8.8 Apr 18

Command injection in Apache Airflow's BashOperator documentation example allows authenticated attackers to escalate priv

CVE-2025-54550 HIGH
8.1 Apr 15

The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xco

CVE-2026-30911 HIGH
8.1 Mar 17

CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnera

CVE-2026-31987 HIGH
7.5 Apr 16

Apache Airflow 3.0.0 through 3.1.x exposes JWT authentication tokens in application logs, allowing any authenticated UI

CVE-2026-28779 HIGH
7.5 Mar 17

CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High

CVE-2026-32228 HIGH
7.5 Apr 18

Apache Airflow 3.0.x prior to 3.2.0 allows remote unauthenticated attackers to trigger unauthorized DAG (Directed Acycli

CVE-2026-49296 MEDIUM
6.5 Jul 07

{dag_id}` endpoint and its UI equivalent perform authorization only on the requested DAG identifier, not on the full fil

CVE-2026-48828 MEDIUM
6.5 Jul 07

Sensitive credential exposure in Apache Airflow's Bulk Variables API allows authenticated users with bulk Variable read

CVE-2026-48892 MEDIUM
6.5 Jul 07

Apache Airflow's Config API leaks plaintext secrets-backend credentials to authenticated users with Config read permissi

CVE-2026-26929 MEDIUM
6.5 Mar 17

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management proce

CVE-2026-48891 MEDIUM
4.3 Jul 07

Incomplete authorization filtering in Apache Airflow's `/ui/dependencies` scheduling graph endpoint exposes restricted D

Share

EUVD-2026-42029 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy