Skip to main content

Apache Airflow

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-28563 PyPI MEDIUM PATCH This Month

CVE-2026-28563 is a security vulnerability (CVSS 4.3) that allows an authenticated user with only dag dependencies permission. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Authentication Bypass Apache Information Disclosure Debian Apache Airflow
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-26929 PyPI MEDIUM PATCH This Month

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Authentication Bypass Python Apache Information Disclosure Apache Airflow
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-30911 PyPI HIGH PATCH This Week

CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Authentication Bypass Apache Debian Apache Airflow
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28779 PyPI HIGH PATCH This Week

CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Apache Information Disclosure Debian Apache Airflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-28563 PyPI
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

CVE-2026-28563 is a security vulnerability (CVSS 4.3) that allows an authenticated user with only dag dependencies permission. Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Authentication Bypass Apache Information Disclosure +2
NVD GitHub VulDB
CVE-2026-26929 PyPI
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

CVE-2026-26929 is a security vulnerability (CVSS 6.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Authentication Bypass Python Apache +2
NVD GitHub VulDB
CVE-2026-30911 PyPI
EPSS 0% CVSS 8.1
HIGH PATCH This Week

CVE-2026-30911 is a security vulnerability (CVSS 8.1) that allows any authenticated task instance. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Authentication Bypass Apache Debian +1
NVD GitHub VulDB
CVE-2026-28779 PyPI
EPSS 0% CVSS 7.5
HIGH PATCH This Week

CVE-2026-28779 is a security vulnerability (CVSS 7.5) that allows any application co-hosted under the same domain. High severity vulnerability requiring prompt remediation. Vendor patch is available.

Apache Information Disclosure Debian +1
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy