| CVE-2026-42359 |
high |
8.8 |
8.8 |
|
|
|
3d ago |
A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (… |
| CVE-2026-25917 |
high |
— |
8.0 |
|
|
|
2mo ago |
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tr… |
| CVE-2026-41084 |
high |
7.5 |
7.5 |
|
|
|
3d ago |
A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path whi… |
| CVE-2026-45360 |
high |
7.3 |
7.3 |
|
|
|
3d ago |
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialize… |
| CVE-2026-48726 |
medium |
6.5 |
6.5 |
|
|
|
3d ago |
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` … |
| CVE-2026-42360 |
medium |
6.5 |
6.5 |
|
|
|
3d ago |
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be by… |
| CVE-2026-40861 |
medium |
6.5 |
6.5 |
|
|
|
3d ago |
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg… |
| CVE-2026-45192 |
medium |
6.5 |
6.5 |
|
|
|
3d ago |
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connect… |
| CVE-2026-41017 |
medium |
5.9 |
5.9 |
|
|
|
3d ago |
Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy … |
| CVE-2026-40690 |
medium |
— |
5.5 |
|
|
|
1mo ago |
Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions |
| CVE-2026-38743 |
medium |
— |
5.5 |
|
|
|
1mo ago |
Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record |
| CVE-2026-41014 |
medium |
4.3 |
4.3 |
|
|
|
3d ago |
The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerat… |
| CVE-2026-45426 |
low |
3.1 |
3.1 |
|
|
|
3d ago |
Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against … |
| CVE-2020-13927 |
unknown |
— |
2.5 |
|
|
|
5y ago |
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication. |
| CVE-2020-11978 |
unknown |
— |
2.5 |
|
|
|
6y ago |
A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow. |
