Bitnami package
airflow
pkg:bitnami/airflow
Vulnerabilities (109)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40690 | Med | 4.3 | < 3.2.1 | 3.2.1 | Apr 24, 2026 | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized sco | |
| CVE-2026-38743 | Med | 4.3 | < 3.2.1 | 3.2.1 | Apr 24, 2026 | The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskIn | |
| CVE-2026-32690 | Low | 3.7 | >= 3.0.0, < 3.2.0 | 3.2.0 | Apr 18, 2026 | Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise p | |
| CVE-2026-32228 | Hig | 7.5 | >= 3.0.0, < 3.2.0 | 3.2.0 | Apr 18, 2026 | UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue. | |
| CVE-2026-30912 | Hig | 7.5 | < 3.2.0 | 3.2.0 | Apr 18, 2026 | In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. | |
| CVE-2026-30898 | Hig | 8.8 | < 3.2.0 | 3.2.0 | Apr 18, 2026 | An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted t | |
| CVE-2026-25917 | Hig | 7.2 | < 3.2.0 | 3.2.0 | Apr 18, 2026 | Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache | |
| CVE-2026-31987 | Hig | 7.5 | >= 3.0.0, < 3.2.0 | 3.2.0 | Apr 16, 2026 | JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue. | |
| CVE-2026-25219 | Med | 6.5 | < 3.1.8 | 3.1.8 | Apr 15, 2026 | The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be s | |
| CVE-2025-54550 | Hig | 8.1 | < 3.2.0 | 3.2.0 | Apr 15, 2026 | The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users ar | |
| CVE-2026-33858 | Hig | 8.8 | >= 3.1.8, < 3.2.0 | 3.2.0 | Apr 13, 2026 | Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apach | |
| CVE-2025-66236 | Hig | 7.5 | >= 3.0.0, < 3.2.0 | 3.2.0 | Apr 13, 2026 | Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enoug | |
| CVE-2025-57735 | Cri | 9.1 | >= 3.0.0, < 3.2.0 | 3.2.0 | Apr 9, 2026 | When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about th | |
| CVE-2026-34538 | Med | 6.5 | >= 3.0.0, < 3.2.0 | 3.2.0 | Apr 9, 2026 | Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with | |
| CVE-2026-28563 | — | >= 3.0.0, < 3.1.8 | 3.1.8 | Mar 17, 2026 | Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users | ||
| CVE-2026-26929 | — | >= 3.0.0, < 3.1.8 | 3.1.8 | Mar 17, 2026 | Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access | ||
| CVE-2026-30911 | — | >= 3.1.0, < 3.1.8 | 3.1.8 | Mar 17, 2026 | Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recom | ||
| CVE-2026-28779 | — | >= 3.0.0, < 3.1.8 | 3.1.8 | Mar 17, 2026 | Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP reques | ||
| CVE-2025-27555 | — | < 2.11.1 | 2.11.1 | Feb 24, 2026 | Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audi | ||
| CVE-2024-56373 | — | < 2.11.1 | 2.11.1 | Feb 24, 2026 | DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server ( |
- affected < 3.2.1fixed 3.2.1
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized sco
- affected < 3.2.1fixed 3.2.1
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskIn
- affected >= 3.0.0, < 3.2.0fixed 3.2.0
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise p
- affected >= 3.0.0, < 3.2.0fixed 3.2.0
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.
- affected < 3.2.0fixed 3.2.0
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
- affected < 3.2.0fixed 3.2.0
An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted t
- affected < 3.2.0fixed 3.2.0
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache
- affected >= 3.0.0, < 3.2.0fixed 3.2.0
JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue.
- affected < 3.1.8fixed 3.1.8
The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be s
- affected < 3.2.0fixed 3.2.0
The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value from xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary execution of code on the worker. Since the UI users ar
- affected >= 3.1.8, < 3.2.0fixed 3.2.0
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apach
- affected >= 3.0.0, < 3.2.0fixed 3.2.0
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enoug
- affected >= 3.0.0, < 3.2.0fixed 3.2.0
When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about th
- affected >= 3.0.0, < 3.2.0fixed 3.2.0
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with
- CVE-2026-28563Mar 17, 2026affected >= 3.0.0, < 3.1.8fixed 3.1.8
Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users
- CVE-2026-26929Mar 17, 2026affected >= 3.0.0, < 3.1.8fixed 3.1.8
Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access
- CVE-2026-30911Mar 17, 2026affected >= 3.1.0, < 3.1.8fixed 3.1.8
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recom
- CVE-2026-28779Mar 17, 2026affected >= 3.0.0, < 3.1.8fixed 3.1.8
Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP reques
- CVE-2025-27555Feb 24, 2026affected < 2.11.1fixed 2.11.1
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audi
- CVE-2024-56373Feb 24, 2026affected < 2.11.1fixed 2.11.1
DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (
Page 1 of 6