CVE-2026-31987

EPSS 0.12%
Veröffentlicht 16.04.2026 13:31:52
Zuletzt bearbeitet 20.04.2026 16:54:59
Quelle security@apache.org
CVE-Watchlists
Login
Unerledigt
Login

Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. 
Users are advised to upgrade to Airflow version that contains fix.

Users are recommended to upgrade to version 3.2.0, which fixes this issue.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Airflow Version >= 3.0.0 < 3.2.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.12%	0.298

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://github.com/apache/airflow/pull/62964

Patch

Third Party Advisory

Issue Tracking

https://github.com/apache/airflow/issues/62428

Issue Tracking

https://github.com/apache/airflow/issues/62773

Issue Tracking

https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g

Vendor Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2026/04/16/7

Third Party Advisory

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2026-31987

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-31987

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-31987

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-31987