7.5

CVE-2026-31987

Apache Airflow: JWT token appearing in logs

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. 
Users are advised to upgrade to Airflow version that contains fix.

Users are recommended to upgrade to version 3.2.0, which fixes this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheAirflow Version >= 3.0.0 < 3.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.74% 0.497
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-532 Insertion of Sensitive Information into Log File

The product writes sensitive information to a log file.

https://github.com/apache/airflow/pull/62964
Patch
Third Party Advisory
Issue Tracking
https://github.com/apache/airflow/issues/62428
Issue Tracking
https://github.com/apache/airflow/issues/62773
Issue Tracking
https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g
Vendor Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2026/04/16/7
Third Party Advisory
Mailing List