Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors

Vulnerability

Overview

CVE-2026-24098 is an information disclosure vulnerability in Apache Airflow versions 3.0.0 through 3.1.7. The root cause lies in a missing or incorrect permission check in the API endpoints that serve import errors [2][4]. When a user has permission to view one or more specific DAGs, the system does not properly filter import errors generated by other DAGs, allowing the user to see those errors even though they lack explicit access to those DAGs [3][4].

Exploitation

Context

An attacker must be an authenticated UI user with at least read permission on one DAG [3][4]. The attack is performed through the normal web interface or API, without requiring any special privileges beyond those granted to a typical user with limited DAG access. The vulnerability is exploitable in the default configuration and does not require any additional authentication bypass [2].

Impact

A successful attacker can view the content of import errors from DAGs they are not authorized to access [3]. Import errors may contain sensitive information such as file paths, database connection strings, source code snippets, or internal network details, depending on the DAG definition. This leakage violates the principle of least privilege and could aid in further attacks against the Airflow environment [1][2].

Mitigation

Apache has fixed the issue in Airflow 3.1.7 [2][4]. Users are strongly advised to upgrade to version 3.1.7 or later [3]. The fix corrects the permission check in the import error API, ensuring that only import errors for DAGs the current user has access to are returned [2]. No workaround is available for older versions.