VYPR
Moderate severityNVD Advisory· Published Oct 30, 2025· Updated Feb 26, 2026

Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API

CVE-2025-62402

Description

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-airflowPyPI
>= 3.0.0, < 3.1.13.1.1

Affected products

3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.