VYPR

Bitnami package

airflow

pkg:bitnami/airflow

Vulnerabilities (126)

  • CVE-2026-49298HigJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to th

  • CVE-2026-49267MedJun 1, 2026
    affected >= 2.0.0, < 3.2.2fixed 3.2.2

    Apache Airflow's EmailOperator and the underlying `airflow.utils.email` helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used `[email] smtp_starttls=True` without `[email] smtp_ssl`. An attacker positioned between the work

  • CVE-2026-48726MedJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained

  • CVE-2026-46764MedJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint `GET /api/v2/eventLogs` applied per-Dag scoping. An authenticated

  • CVE-2026-45426LowJun 1, 2026
    affected >= 3.0.0, < 3.2.2fixed 3.2.2

    Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the requested path segment when ve

  • CVE-2026-45360HigJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code rea

  • CVE-2026-42360MedJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airf

  • CVE-2026-42359HigJun 1, 2026
    affected >= 3.2.0, < 3.2.2fixed 3.2.2

    A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (e.g. `return_value`) that the matching POST endpoint already validated against `F

  • CVE-2026-42358MedJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-suffixed key names like `password`, `token`, `secret`, `api_key`) to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the maske

  • CVE-2026-42252CriJun 1, 2026
    affected >= 3.0.0, < 3.2.2fixed 3.2.2

    Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim `BashOperator(bash_command="echo value: {{ dag_run.conf['conf1'] }}")` example without any quoting / sanitization warning. Dag authors who copied

  • CVE-2026-41084HigJun 1, 2026
    affected >= 3.2.0, < 3.2.2fixed 3.2.2

    A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path while operating on the `dag_id` / `dag_run_id` extracted from request-body entity fi

  • CVE-2026-41017MedJun 1, 2026
    affected >= 3.0.0, < 3.2.2fixed 3.2.2

    Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API s

  • CVE-2026-41014MedJun 1, 2026
    affected >= 3.2.0, < 3.2.2fixed 3.2.2

    The partitioned_dag_runs endpoints in the Airflow UI enforced only asset-level access control, not per-Dag authorization. An authenticated UI/API user with global Asset:read permission could enumerate partition run state, schedule configuration, and asset wiring for Dags they wer

  • CVE-2026-40963LowJun 1, 2026
    affected >= 3.0.0, < 3.2.2fixed 3.2.2

    The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency m

  • CVE-2026-40961HigJun 1, 2026
    affected >= 3.0.0, < 3.2.2fixed 3.2.2

    A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to `apache-airflow` 3.2.2 or late

  • CVE-2026-40861MedJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's

  • CVE-2026-45192MedJun 1, 2026
    affected < 3.2.2fixed 3.2.2

    A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field names not present in the redaction allowlist

  • CVE-2026-40690MedApr 24, 2026
    affected < 3.2.1fixed 3.2.1

    The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized sco

  • CVE-2026-38743MedApr 24, 2026
    affected < 3.2.1fixed 3.2.1

    The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskIn

  • CVE-2026-32690LowApr 18, 2026
    affected >= 3.0.0, < 3.2.0fixed 3.2.0

    Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise p

Page 1 of 7