High severity7.5NVD Advisory· Published Apr 18, 2026· Updated Apr 21, 2026
CVE-2026-30912
CVE-2026-30912
Description
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
apache-airflow-corePyPI | < 3.2.0 | 3.2.0 |
Affected products
1Patches
160f6efca5b51https://github.com/apache/airflowvia nvd-ref
Vulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- www.openwall.com/lists/oss-security/2026/04/17/5nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-w7cf-2pmc-5m4cghsaADVISORY
- lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9nvdVendor AdvisoryMailing ListWEB
- nvd.nist.gov/vuln/detail/CVE-2026-30912ghsaADVISORY
- github.com/apache/airflow/pull/63028nvdIssue TrackingWEB
News mentions
0No linked articles in our index yet.