Apache

Airflow

145 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 1.65%
  • Veröffentlicht 07.07.2026 09:20:18
  • Zuletzt bearbeitet 08.07.2026 19:37:10

A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code ...

  • EPSS 0.44%
  • Veröffentlicht 07.07.2026 09:19:36
  • Zuletzt bearbeitet 09.07.2026 13:17:08

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret (for example a provider API key) into its trigger, any authentica...

  • EPSS 0.66%
  • Veröffentlicht 07.07.2026 09:18:53
  • Zuletzt bearbeitet 08.07.2026 19:26:11

The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so the key-based `should_hide_value_for_key` check (which triggers on secret-suffixed key names like `*_password` / `*_token` / `*_secret`) could not fir...

  • EPSS 0.6%
  • Veröffentlicht 07.07.2026 09:18:12
  • Zuletzt bearbeitet 08.07.2026 20:04:17

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. `GET /api/v2/dagSources/{dag_id}` — and the equivalent Dag-source view in the UI — returned the entire source f...

  • EPSS 0.36%
  • Veröffentlicht 07.07.2026 09:17:28
  • Zuletzt bearbeitet 09.07.2026 13:16:42

A bug in Apache Airflow's `/ui/dependencies` scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the `dep.source` and `dep.target` fields of trigger / sen...

  • EPSS 0.44%
  • Veröffentlicht 07.07.2026 09:16:26
  • Zuletzt bearbeitet 09.07.2026 13:16:57

The Config API in Apache Airflow surfaced per-key secrets-backend overrides (environment variables like `AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID` and `AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID`) as synthetic config options whose option na...

  • EPSS 0.35%
  • Veröffentlicht 01.06.2026 09:16:20
  • Zuletzt bearbeitet 02.06.2026 17:16:35

The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint `GET /api/v2/eventLogs` applied per-...

  • EPSS 0.37%
  • Veröffentlicht 01.06.2026 09:16:20
  • Zuletzt bearbeitet 03.06.2026 02:06:43

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token...

  • EPSS 0.19%
  • Veröffentlicht 01.06.2026 09:16:20
  • Zuletzt bearbeitet 03.06.2026 02:06:28

Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`. An attack...

  • EPSS 0.49%
  • Veröffentlicht 01.06.2026 09:16:20
  • Zuletzt bearbeitet 03.06.2026 02:06:10

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kub...