Apache Airflow: DAG authorization bypass
Description
In Apache Airflow versions 3.1.0 through 3.1.7, the /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only the DAG Dependencies permission to enumerate DAGs they are not authorized to view.
Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Airflow 3.1.0 through 3.1.7 exposes the full DAG dependency graph via the /ui/dependencies endpoint, allowing authenticated users to enumerate DAGs they are not authorized to view.
Vulnerability
Description
The /ui/dependencies endpoint in Apache Airflow versions 3.1.0 through 3.1.7 returns the full Directed Acyclic Graph (DAG) dependency graph without filtering by authorized DAG IDs [2]. This constitutes an authorization bypass, as the endpoint fails to enforce access controls that restrict which DAGs a user is permitted to view [3].
Exploitation
An attacker must be authenticated to the Airflow instance and possess at least the "DAG Dependencies" permission [2]. With this minimal privilege, they can query the /ui/dependencies endpoint to enumerate all DAGs present in the system, including those they are not authorized to access [3]. No additional network access or elevated privileges are required beyond standard UI access.
Impact
Successful exploitation allows an attacker to discover the existence and structure of DAGs they should not be able to see. This information disclosure could reveal sensitive workflow logic, data pipeline details, or business processes, potentially aiding further attacks [3]. The issue is rated as low severity by the Apache Airflow project [3].
Mitigation
Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves the issue by adding proper authorization checks to the endpoint [2][4]. The fix was implemented in pull request #62046 [4]. No workaround is documented for affected versions.
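As an added illustration (not Airflow's own code and not the change made in pull request #62046), the vulnerable shape sits beside a hardened one: a dependency graph handed back as-is versus one reduced to the caller's authorized DAG IDs. The node naming convention (`dag:` and `asset:` prefixes) and the sample graph are constructed assumptions for this example.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Edge:
    source: str  # node id; assumed convention: "dag:<dag_id>" or "asset:<uri>"
    target: str


@dataclass
class DependencyGraph:
    nodes: set[str] = field(default_factory=set)
    edges: set[Edge] = field(default_factory=set)


# Constructed sample graph (hypothetical DAG and asset names, not from the advisory):
# ingest -> asset raw -> payroll_secret -> asset payroll, plus ingest -> report.
FULL_GRAPH = DependencyGraph(
    nodes={"dag:ingest", "dag:payroll_secret", "dag:report",
           "asset:s3://raw", "asset:s3://payroll"},
    edges={Edge("dag:ingest", "asset:s3://raw"),
           Edge("asset:s3://raw", "dag:payroll_secret"),
           Edge("dag:payroll_secret", "asset:s3://payroll"),
           Edge("dag:ingest", "dag:report")},
)


def is_dag(node: str) -> bool:
    return node.startswith("dag:")


def dependencies_unfiltered(graph: DependencyGraph, authorized: set[str]) -> DependencyGraph:
    """Vulnerable shape: the caller's DAG permissions are never consulted."""
    return graph


def dependencies_filtered(graph: DependencyGraph, authorized: set[str]) -> DependencyGraph:
    """Hardened shape: keep only DAG nodes the caller may read, drop every edge
    touching a hidden DAG, and keep asset nodes only while a visible edge uses them."""
    visible_dags = {n for n in graph.nodes if is_dag(n) and n[4:] in authorized}
    edges = {e for e in graph.edges
             if all(not is_dag(n) or n in visible_dags for n in (e.source, e.target))}
    assets = {n for e in edges for n in (e.source, e.target) if not is_dag(n)}
    return DependencyGraph(nodes=visible_dags | assets, edges=edges)


def leaked_dag_ids(response: DependencyGraph, authorized: set[str]) -> set[str]:
    """Review/detection helper: DAG IDs in a response that the caller may not read."""
    return {n[4:] for n in response.nodes if is_dag(n) and n[4:] not in authorized}
```

`leaked_dag_ids` is the check a reviewer or an integration test would run against the endpoint's response for a low-privilege user: a non-empty result is the bug.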
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-airflow (PyPI) | >= 3.0.0, < 3.1.8 | 3.1.8 |
Affected products
- Apache Software Foundation / Apache Airflow (v5), range: 3.0.0
References
- github.com/apache/airflow/pull/62046 (patch)
- github.com/advisories/GHSA-x3fv-96qh-67m7 (advisory)
- lists.apache.org/thread/dwzf62qg9z8wvfsjknpfd8bvtwghd49s (vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-28563 (advisory)
- www.openwall.com/lists/oss-security/2026/03/17/5 (mailing list post)