VIR Vulnerability Intelligence Relay

Package impact

python PyPI / apache-airflow

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48726 medium 6.5 6.5 3d ago A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` …
CVE-2026-42360 medium 6.5 6.5 3d ago A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be by…
CVE-2026-40861 medium 6.5 6.5 3d ago A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg…
CVE-2026-45192 medium 6.5 6.5 3d ago A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect…
CVE-2026-41017 medium 5.9 5.9 3d ago Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy …
CVE-2026-38743 medium 5.5 1mo ago Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record
CVE-2026-40690 medium 5.5 1mo ago Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions
CVE-2026-41014 medium 4.3 4.3 3d ago The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerat…
CVE-2026-45426 low 3.1 3.1 3d ago Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against …