7.2
CVE-2026-40961
- EPSS 0.65%
- Veröffentlicht 01.06.2026 09:16:18
- Zuletzt bearbeitet 02.06.2026 18:49:33
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache Airflow: Open Redirect Bypass Vulnerability
A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can place Airflow behind a reverse proxy that strips off-domain `next=` query parameters before they reach the login endpoint.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.467 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.2 | 3.9 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
https://github.com/apache/airflow/pull/65557
https://lists.apache.org/thread/qmt8ksh7gty6b8hr9w294t94j36jdv1q
http://www.openwall.com/lists/oss-security/2026/05/31/2