Airflow
by Apache
CVEs (142)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-40963 | Apache / Airflow | Low | 0.13 | 3.1 | 0.00 | | Jun 1, 2026 | The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI/API user authorized for one Dag could enumerate linked Dag IDs and dependency… |
| CVE-2022-24288 | Apache / Airflow | | 0.07 | — | 0.78 | | Feb 25, 2022 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI. |
| CVE-2020-11982 | Apache / Airflow | | 0.01 | — | 0.07 | | Jul 16, 2020 | An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly into the broker, which could lead to a deserialization attack (and… |
| CVE-2026-28563 | Apache / Airflow | | 0.00 | — | 0.00 | | Mar 17, 2026 | In Apache Airflow versions 3.1.0 through 3.1.7, the /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users… |
| CVE-2026-26929 | Apache / Airflow | | 0.00 | — | 0.00 | | Mar 17, 2026 | In Apache Airflow versions 3.0.0 through 3.1.7, the FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to… |
| CVE-2026-30911 | Apache / Airflow | | 0.00 | — | 0.00 | | Mar 17, 2026 | Apache Airflow versions 3.1.0 through 3.1.7 have a missing-authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are… |
| CVE-2026-28779 | Apache / Airflow | | 0.00 | — | 0.01 | | Mar 17, 2026 | In Apache Airflow versions 3.1.0 through 3.1.7, the session token (_token) cookie is set with path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP… |
| CVE-2025-27555 | Apache / Airflow | | 0.00 | — | 0.00 | | Feb 24, 2026 | Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via the airflow CLI, the values of those variables appeared in the… |
| CVE-2024-56373 | Apache / Airflow | | 0.00 | — | 0.01 | | Feb 24, 2026 | A DAG Author (who already has quite a lot of permissions) could manipulate the database of Airflow 2 in a way that executes arbitrary code in the web-server context, which they should normally not be able to do, leading to potential remote code execution in the context of the web-server… |
| CVE-2025-65995 | Apache / Airflow | | 0.00 | — | 0.01 | | Feb 21, 2026 | When a DAG failed during parsing, Airflow's error reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to… |
| CVE-2026-22922 | Apache / Airflow | | 0.00 | — | 0.00 | | Feb 9, 2026 | Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later,… |
| CVE-2026-24098 | Apache / Airflow | | 0.00 | — | 0.01 | | Feb 9, 2026 | Apache Airflow versions 3.0.0 through 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves… |
| CVE-2025-68675 | Apache / Airflow | | 0.00 | — | 0.02 | | Jan 16, 2026 | In Apache Airflow versions before 3.1.6 and 2.11.1, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log… |
| CVE-2025-68438 | Apache / Airflow | | 0.00 | — | 0.01 | | Jan 16, 2026 | In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker… |
| CVE-2025-67895 | Apache / Airflow | | 0.00 | — | 0.01 | | Dec 17, 2025 | Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3 before 2.0.0, and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has always been development-only and not officially released; however, if you… |
| CVE-2025-66388 | Apache / Airflow | | 0.00 | — | 0.00 | | Dec 15, 2025 | A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version… |
| CVE-2025-54941 | Apache / Airflow | | 0.00 | — | 0.00 | | Oct 30, 2025 | The example dag `example_dag_decorator` had a non-validated parameter that allowed a UI user to redirect the example to a malicious server and execute code on the worker. This, however, required that the example dags are enabled in production (not the default) or that the example dag code… |
| CVE-2025-62402 | Apache / Airflow | | 0.00 | — | 0.00 | | Oct 30, 2025 | API users could, via `/api/v2/dagReports`, perform Dag code execution in the context of the api-server if the api-server was deployed in an environment where Dag files were available. |
| CVE-2025-62503 | Apache / Airflow | | 0.00 | — | 0.00 | | Oct 30, 2025 | A user with CREATE but no UPDATE privilege for Pools, Connections, or Variables could update existing records via the bulk create API with the overwrite action. |
| CVE-2025-54831 | Apache / Airflow | | 0.00 | — | 0.01 | | Sep 26, 2025 | Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this… |
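Two of the entries in the table, CVE-2026-26929 (the `~` wildcard that skipped per-DAG filtering) and CVE-2025-62503 (bulk create with `overwrite` that was gated on CREATE alone), share one root cause: the authorization check runs at the granularity of the request rather than of each object the request touches. The following is an added illustration written for this page, not Airflow's code. The in-memory data model, the `readable_dags` / `Variables:CREATE` / `Variables:UPDATE` permission names, the sample DAG ids and the function names are all hypothetical; each vulnerable function is shown next to its per-object-authorized counterpart.

```python
"""Added illustration (not Airflow's code): per-object authorization on a
wildcard listing and on a bulk-create-with-overwrite endpoint, in the shape
of CVE-2026-26929 and CVE-2025-62503. Model and names are hypothetical."""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    readable_dags: set = field(default_factory=set)   # per-DAG read grants
    resource_perms: set = field(default_factory=set)  # e.g. {"Variables:CREATE"}


# Constructed sample data: three DAGs, one existing Variable.
DAG_VERSIONS = {
    "etl_public": [{"dag_id": "etl_public", "version": 3}],
    "payroll":    [{"dag_id": "payroll",    "version": 7}],
    "hr_exports": [{"dag_id": "hr_exports", "version": 1}],
}
VARIABLES = {"api_base": "https://api.example.internal"}


def list_dag_versions_vulnerable(user, dag_id):
    # The wildcard branch returns everything; the per-DAG check that guards
    # the single-DAG branch is never applied to it.
    if dag_id == "~":
        return [v for versions in DAG_VERSIONS.values() for v in versions]
    if dag_id not in user.readable_dags:
        raise PermissionError(dag_id)
    return list(DAG_VERSIONS.get(dag_id, []))


def list_dag_versions_fixed(user, dag_id):
    # Expand the wildcard into concrete DAG ids first, then apply the same
    # authorization filter to every id regardless of how it was requested.
    wanted = set(DAG_VERSIONS) if dag_id == "~" else {dag_id}
    allowed = wanted & user.readable_dags
    if dag_id != "~" and not allowed:
        raise PermissionError(dag_id)
    return [v for d in sorted(allowed) for v in DAG_VERSIONS.get(d, [])]


def bulk_create_vulnerable(user, store, entries, action="fail"):
    # CREATE is checked once for the whole call; with action="overwrite"
    # existing records are replaced without ever consulting UPDATE.
    if "Variables:CREATE" not in user.resource_perms:
        raise PermissionError("Variables:CREATE")
    for key, value in entries.items():
        if key in store and action != "overwrite":
            raise ValueError(f"{key} already exists")
        store[key] = value
    return store


def bulk_create_fixed(user, store, entries, action="fail"):
    # Authorize per record: a new key needs CREATE, an existing key being
    # overwritten needs UPDATE. The whole batch is checked before any write,
    # so a denied entry does not leave a half-applied batch behind.
    for key in entries:
        if key in store and action != "overwrite":
            raise ValueError(f"{key} already exists")
        needed = "Variables:UPDATE" if key in store else "Variables:CREATE"
        if needed not in user.resource_perms:
            raise PermissionError(needed)
    store.update(entries)
    return store


def denied(fn, *args, **kwargs):
    """True if the call is refused with PermissionError (helper for demos)."""
    try:
        fn(*args, **kwargs)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    analyst = User("analyst", readable_dags={"etl_public"},
                   resource_perms={"Variables:CREATE"})
    print([v["dag_id"] for v in list_dag_versions_vulnerable(analyst, "~")])
    print([v["dag_id"] for v in list_dag_versions_fixed(analyst, "~")])
    weak = dict(VARIABLES)
    bulk_create_vulnerable(analyst, weak, {"api_base": "http://evil.example"},
                           action="overwrite")
    print(weak["api_base"])
    print(denied(bulk_create_fixed, analyst, dict(VARIABLES),
                 {"api_base": "http://evil.example"}, action="overwrite"))
```

The fixed listing treats `~` as "all DAGs the caller may read", not "all DAGs", so an empty intersection yields an empty list rather than a leak; the fixed bulk path refuses the whole batch up front, which is what a practitioner should expect from an endpoint that can create and replace in one call.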
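CVE-2026-28779 in the table is a cookie-scoping bug: a session cookie issued with `Path=/` is presented by the browser to every application served under the same host, while one scoped to the path of the configured `base_url` is not. The following added illustration (not Airflow's code) derives the cookie path from a base_url and applies the RFC 6265 path-match rule to show which requests a `Path=/` cookie versus a scoped cookie would accompany. The function names, the `https://tools.example.com/airflow` base_url and the co-hosted `/wiki` path are hypothetical.

```python
"""Added illustration (not Airflow's code) of the cookie-scoping issue in
CVE-2026-28779. Names and URLs are hypothetical."""
from urllib.parse import urlsplit


def cookie_path_for(base_url):
    """Derive the cookie Path attribute from a configured base_url, e.g.
    'https://tools.example.com/airflow' -> '/airflow'; no path part -> '/'."""
    path = urlsplit(base_url).path.rstrip("/")
    return path or "/"


def path_matches(cookie_path, request_path):
    """RFC 6265 section 5.1.4 path-match: equal, or cookie path is a prefix
    that either ends in '/' or is followed by '/' in the request path."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        if cookie_path.endswith("/"):
            return True
        return request_path[len(cookie_path)] == "/"
    return False


def build_jar(base_url, scoped):
    """A one-cookie jar: (name, value, path). scoped=False reproduces the
    Path=/ behaviour described in the advisory."""
    path = cookie_path_for(base_url) if scoped else "/"
    return [("_token", "constructed-session-token", path)]


def cookies_sent(jar, request_path):
    """Names of the cookies a browser would attach to a request for
    request_path on the same host."""
    return sorted(name for name, _, path in jar if path_matches(path, request_path))


if __name__ == "__main__":
    base = "https://tools.example.com/airflow"
    for scoped in (False, True):
        jar = build_jar(base, scoped)
        print("scoped" if scoped else "path=/",
              cookies_sent(jar, "/wiki/index"),
              cookies_sent(jar, "/airflow/api/v2/dags"))
```

Note that `path_matches("/airflow", "/airflowx")` is false: a scoped cookie is not leaked to a sibling application whose path merely shares a prefix, which is why the derived path is stripped of its trailing slash before use.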
Page 3 of 8