Medium severity5.3NVD Advisory· Published May 25, 2026· Updated May 27, 2026
CVE-2026-46745
CVE-2026-46745
Description
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3<3.6.4+ 1 more
- (no CPE)range: <3.6.4
- (no CPE)range: <=3.6.3
Patches
Vulnerability mechanics
References
3- github.com/apache/airflow/pull/66417nvdIssue TrackingPatch
- www.openwall.com/lists/oss-security/2026/05/24/10nvdMailing ListThird Party Advisory
- lists.apache.org/thread/dvfy0bs181xwsrjrd3y5c55ztbzm8yhhnvdMailing ListVendor Advisory
News mentions
1- Apache Ships 12 Patches Across 7 Projects: Shiro, Airflow, Syncope Lead the BatchVypr Intelligence · May 28, 2026