VYPR
High severity8.7NVD Advisory· Published May 19, 2026· Updated May 19, 2026

CVE-2026-27173

CVE-2026-27173

Description

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
apache-airflow-providers-cncf-kubernetesPyPI
< 10.17.010.17.0

Affected products

2
  • Apache/Airflowreferences2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.