Apache

Airflow

145 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.34%
  • Veröffentlicht 01.06.2026 09:16:19
  • Zuletzt bearbeitet 01.06.2026 17:06:22

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max...

  • EPSS 0.65%
  • Veröffentlicht 01.06.2026 09:16:19
  • Zuletzt bearbeitet 03.06.2026 02:06:59

Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gat...

  • EPSS 0.34%
  • Veröffentlicht 01.06.2026 09:16:19
  • Zuletzt bearbeitet 01.06.2026 18:25:06

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the ...

  • EPSS 0.65%
  • Veröffentlicht 01.06.2026 09:16:18
  • Zuletzt bearbeitet 02.06.2026 18:49:33

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to ...

  • EPSS 0.46%
  • Veröffentlicht 01.06.2026 09:16:18
  • Zuletzt bearbeitet 01.06.2026 17:06:48

The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate l...

  • EPSS 0.35%
  • Veröffentlicht 01.06.2026 09:16:18
  • Zuletzt bearbeitet 02.06.2026 18:49:24

The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and ...

  • EPSS 0.27%
  • Veröffentlicht 01.06.2026 09:16:18
  • Zuletzt bearbeitet 02.06.2026 17:16:31

Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy / a managed load balancer that terminates TLS and f...

  • EPSS 0.46%
  • Veröffentlicht 01.06.2026 09:16:18
  • Zuletzt bearbeitet 02.06.2026 18:49:13

A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path while operating on the `dag_id` / `dag_run_id` extract...

  • EPSS 0.37%
  • Veröffentlicht 01.06.2026 09:16:18
  • Zuletzt bearbeitet 02.06.2026 18:48:48

Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}")` example without any quoting / sanitization wa...

  • EPSS 0.34%
  • Veröffentlicht 01.06.2026 09:16:18
  • Zuletzt bearbeitet 02.06.2026 17:16:32

A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-suffixed key names like `password`, `token`, `secret`, `api_key`) to be bypassed when the JSON value's nesting depth exceeded the shared secrets maske...