Apache Airflow: 17 Vulnerabilities Disclosed on June 1, 2026

Key findings
- 17 Apache Airflow vulnerabilities disclosed on June 1, 2026, impacting multiple components.
- Issues include authentication bypass, sensitive data exposure, and improper authorization.
- KubernetesExecutor and JWT handling are affected by critical security flaws.
- Data masking and templating mechanisms had bypass vulnerabilities.
- UI endpoints and documentation examples also contained security weaknesses.
- Users are advised to upgrade to patched versions, with 3.2.2 specifically mentioned.
On June 1, 2026, a significant batch of 17 vulnerabilities affecting Apache Airflow was disclosed, spanning a variety of security concerns from authentication bypass to sensitive data exposure. The disclosures, all occurring within a one-hour window, highlight potential risks for organizations relying on Airflow for workflow orchestration.
Several vulnerabilities center on authentication and authorization. CVE-2026-48726 covers the auth manager's logout handling: JWT tokens stayed valid after the user logged out, so a token obtained earlier could still be used after logout. CVE-2026-41017 reports that JWTRefreshMiddleware set the JWT auth cookie without the Secure flag, so a browser would also send it over plain HTTP; this matters in deployments where TLS terminates at a proxy in front of Airflow. CVE-2026-49298 affects the KubernetesExecutor, which passed JWT tokens to worker pods as command-line arguments; the token therefore appears in the pod spec and is readable by anyone able to view the pod. CVE-2026-41084 is an authorization mismatch in the bulk Task Instances API, where the check was evaluated against the resolved URL path while the request body could name a different target.
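The KubernetesExecutor issue is easy to check for in any cluster, because a token passed on the command line is a literal string in the pod spec. The scanner below is an added example, not Airflow's code: the pod specs, the argument layout and the `_fake_jwt` token are constructed for illustration. Against a real cluster you would feed it the items from `kubectl get pods -A -o json` instead.

```python
"""Scan Kubernetes pod specs for JWTs that ended up in container args,
commands or literal env values.

Added example, not Airflow's own code: the pod specs and the argument
layout are constructed for illustration.
"""
import base64
import json
import re

# Three base64url segments; a JSON object header always encodes to a prefix of "eyJ".
_JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def looks_like_jwt(token: str) -> bool:
    """True if the first segment decodes to a JSON object carrying 'alg'."""
    header = token.split(".")[0]
    header += "=" * (-len(header) % 4)  # restore the padding base64url strips
    try:
        obj = json.loads(base64.urlsafe_b64decode(header))
    except (ValueError, UnicodeDecodeError):
        return False
    return isinstance(obj, dict) and "alg" in obj


def _contains_jwt(text: str) -> bool:
    return any(looks_like_jwt(m) for m in _JWT_RE.findall(text))


def find_jwt_leaks(pod: dict) -> list:
    """Return (pod, container, location) for every JWT found in command,
    args or a literal env value. Values delivered through secretKeyRef are
    not literals in the spec and are deliberately not flagged."""
    hits = []
    pod_name = pod.get("metadata", {}).get("name", "<unnamed>")
    spec = pod.get("spec", {})
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    for c in containers:
        for loc in ("command", "args"):
            if any(_contains_jwt(s) for s in c.get(loc, [])):
                hits.append((pod_name, c["name"], loc))
        for env in c.get("env", []):
            if _contains_jwt(env.get("value") or ""):
                hits.append((pod_name, c["name"], "env:" + env["name"]))
    return hits


def _fake_jwt() -> str:
    """Constructed token used only for the sample specs (not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS512', 'typ': 'JWT'})}.{enc({'sub': 'worker'})}.c2lnbmF0dXJl"


# Constructed sample specs: worker-a passes the token on the command line
# (the leaky pattern); worker-b takes it from a Secret, so nothing is in the spec.
SAMPLE_PODS = [
    {"metadata": {"name": "worker-a"},
     "spec": {"containers": [{"name": "base",
                              "args": ["airflow", "tasks", "run", _fake_jwt()]}]}},
    {"metadata": {"name": "worker-b"},
     "spec": {"containers": [{"name": "base",
                              "args": ["airflow", "tasks", "run"],
                              "env": [{"name": "AIRFLOW_TOKEN",
                                       "valueFrom": {"secretKeyRef": {"name": "tok",
                                                                      "key": "jwt"}}}]}]}},
]

if __name__ == "__main__":
    for pod in SAMPLE_PODS:
        for pod_name, container, where in find_jwt_leaks(pod):
            print(f"{pod_name}/{container}: JWT present in {where}")
```

The header-decoding step keeps the scanner from flagging every base64 blob that happens to start with `eyJ`; anything that decodes to a JSON object with an `alg` member is treated as a token regardless of which algorithm it names.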
Data handling and masking also saw multiple issues. CVE-2026-42358 and CVE-2026-42360 describe bypasses in the variable response masker and in rendered-template field handling, respectively: nested secrets were left unmasked once the nesting depth, or the length of the templated field, exceeded a fixed limit. CVE-2026-45192 concerns the Connections API, which let secrets in the extra JSON blob be retrieved under field names that were not on the sensitive list. In the log server (CVE-2026-45426), JWT tokens were validated against DAG IDs using flawed string manipulation. CVE-2026-40861 describes how DAG authors could read arbitrary files or write to sensitive locations via log directory manipulation or crafted task_ids.
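The depth-limit bypass is a general failure mode of maskers that stop recursing at a fixed depth: anything below the cut-off is returned verbatim. The code below is an added example and not Airflow's masker; the sensitive-key pattern, the depth cap and the sample payload are constructed for illustration. It puts a capped masker next to one that recurses without a depth limit and guards against cyclic input so it still terminates.

```python
"""Mask secret values inside nested API responses.

Added example, not Airflow's masker. `mask_capped` shows the vulnerable
pattern (a fixed recursion depth); `mask` recurses to any depth.
"""
import re
from typing import Any

# Constructed key pattern; a real deployment would take this from configuration.
SENSITIVE_KEY_RE = re.compile(r"(password|passwd|secret|token|api_?key|private_key)", re.I)
MASK = "***"


def _is_sensitive(key: Any) -> bool:
    return isinstance(key, str) and SENSITIVE_KEY_RE.search(key) is not None


def mask_capped(value: Any, depth: int = 0, max_depth: int = 3) -> Any:
    """Depth-limited masker: everything nested deeper than `max_depth` is
    returned unmodified, so a secret placed far enough down is never masked."""
    if depth > max_depth:
        return value
    if isinstance(value, dict):
        return {k: MASK if _is_sensitive(k) else mask_capped(v, depth + 1, max_depth)
                for k, v in value.items()}
    if isinstance(value, list):
        return [mask_capped(v, depth + 1, max_depth) for v in value]
    return value


def mask(value: Any, _ancestors: set = None) -> Any:
    """Fully recursive masker. A dict value under a sensitive key is replaced
    wholesale (including any sub-structure); everything else is recursed
    into regardless of depth. `_ancestors` holds ids of the containers on
    the current path so a cyclic structure is masked rather than looped on."""
    ancestors = _ancestors if _ancestors is not None else set()
    if isinstance(value, (dict, list)):
        if id(value) in ancestors:
            return MASK  # cycle: never emit the container unmasked
        ancestors.add(id(value))
        try:
            if isinstance(value, dict):
                return {k: MASK if _is_sensitive(k) else mask(v, ancestors)
                        for k, v in value.items()}
            return [mask(v, ancestors) for v in value]
        finally:
            ancestors.discard(id(value))
    return value


# Constructed response: the password sits at nesting depth 5, below the cap.
SAMPLE = {
    "conn_id": "pg",
    "extra": {"a": {"b": {"c": {"d": {"password": "hunter2"}}}}},
}


def deep_password(masked: dict) -> str:
    """Pull the deeply nested value back out so both maskers can be compared."""
    return masked["extra"]["a"]["b"]["c"]["d"]["password"]


if __name__ == "__main__":
    print("capped  :", deep_password(mask_capped(SAMPLE)))
    print("recursive:", deep_password(mask(SAMPLE)))
```

Masking the whole value under a sensitive key, rather than only leaf strings, is deliberate: a `tokens` key whose value is a list of objects should not leak its contents just because the individual leaf keys were named innocuously.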
Other vulnerabilities include CVE-2026-49267, where SMTP STARTTLS connections were established without certificate verification, leaving mail traffic open to man-in-the-middle interception. CVE-2026-45360 is a critical flaw in the scheduler-side deadline-reference decoder, which imported arbitrary class paths from DAG-author-controlled serialized state without an allowlist; a DAG author could thereby have the scheduler import a module of their choosing. CVE-2026-42359 allowed authenticated users with XCom write permission to set XCom entries under reserved key names. The official documentation itself is implicated in CVE-2026-42252: an example passed parameters to a BashOperator unquoted and unsanitized, the pattern that lets templated input turn into shell injection.
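The deadline-reference flaw is an instance of resolving a dotted class path taken from untrusted serialized state by importing it. The contrast below is an added example, not Airflow's decoder: the `example_refs.*` names, the marker classes and the serialized documents are constructed for illustration. The fix is to treat the path as a lookup key into a fixed registry rather than as an import target.

```python
"""Resolve a class named in serialized, author-controlled state.

Added example, not Airflow's deadline-reference decoder. `import_string`
is the unrestricted pattern; `resolve_reference` is the allowlisted one.
"""
import importlib


def import_string(path: str):
    """Unrestricted resolver: imports whatever module the path names and
    returns the attribute. Any importable module becomes reachable from the
    serialized document, which is the bug class described above."""
    module_name, _, attr = path.rpartition(".")
    return getattr(importlib.import_module(module_name), attr)


class FixedDelay:
    """Constructed reference type: fire a fixed interval after a point in time."""


class DagRunStart:
    """Constructed reference type: anchor the deadline to the run's start."""


# Allowlist keyed by the exact dotted path the serializer is permitted to emit.
# The "example_refs." prefix is an assumption made for this example.
ALLOWED_REFERENCES = {
    "example_refs.FixedDelay": FixedDelay,
    "example_refs.DagRunStart": DagRunStart,
}


class UnsafeReference(ValueError):
    """Raised for any reference that is not in the allowlist."""


def resolve_reference(path: str):
    """Allowlisted resolver: the path is a dictionary key, never an import target,
    so no module is loaded on behalf of the serialized document."""
    try:
        return ALLOWED_REFERENCES[path]
    except KeyError:
        raise UnsafeReference(f"reference {path!r} is not allowlisted") from None


def decode(doc: dict):
    """Decode a serialized deadline document into (ok, result). On a
    non-allowlisted reference `ok` is False and `result` is the error text;
    nothing is imported in that case."""
    try:
        return True, (resolve_reference(doc["reference"]), doc["interval"])
    except UnsafeReference as exc:
        return False, str(exc)


# Constructed documents: one legitimate, one naming a module it should never reach.
SERIALIZED_OK = {"reference": "example_refs.DagRunStart", "interval": 300}
SERIALIZED_HOSTILE = {"reference": "os.system", "interval": 0}

if __name__ == "__main__":
    # The unrestricted resolver happily hands back os.system for the hostile document.
    print("import_string ->", import_string(SERIALIZED_HOSTILE["reference"]))
    print("decode(ok)     ->", decode(SERIALIZED_OK))
    print("decode(hostile)->", decode(SERIALIZED_HOSTILE))
```

Keying the registry on the full dotted path keeps the serialized format unchanged, so existing documents still decode, while removing the importer's ability to reach anything outside the table.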
Several vulnerabilities relate to information disclosure and redirects in the UI. CVE-2026-46764 allowed authenticated users with audit log read permission to bypass the per-DAG scoping of event logs. CVE-2026-40963 describes how the structure_data endpoint leaked external dependency graph nodes for linked DAGs without an authorization check. CVE-2026-40961 let authenticated users craft URLs that passed the is_safe_url check, producing an open redirect.
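Redirect-target checks fail in a handful of well-known ways (scheme-relative `//host`, backslashes that browsers treat as slashes, credentials in the authority, non-HTTP schemes). The code below is an added example and not Airflow's `is_safe_url`: it puts a naive check beside a hardened one and runs both over constructed bypass candidates. The `APP_BASE` host is an assumption.

```python
"""Validate a post-login redirect target against the application's own origin.

Added example, not Airflow's is_safe_url. The base URL and the candidate
targets are constructed for illustration.
"""
from urllib.parse import urljoin, urlsplit

APP_BASE = "https://airflow.example.internal"  # assumed deployment origin


def is_safe_url_naive(target: str) -> bool:
    """Accepts anything starting with '/'. Browsers read '//evil' as a
    scheme-relative URL and '/\\evil' the same way, so both slip through."""
    return target.startswith("/")


def is_safe_url(target: str, base: str = APP_BASE) -> bool:
    """Resolve the target against the base and require the result to keep
    the base's scheme and host. Control characters and backslashes are
    rejected outright; only http(s) schemes are ever allowed."""
    if not target or any(ord(ch) < 0x20 for ch in target) or "\\" in target:
        return False
    base_parts = urlsplit(base)
    parts = urlsplit(urljoin(base, target))
    return (
        parts.scheme in ("http", "https")
        and parts.scheme == base_parts.scheme
        and parts.netloc.lower() == base_parts.netloc.lower()
    )


# Constructed candidates covering the common bypass shapes.
CANDIDATES = [
    "/home",
    "//evil.example/",
    "/\\evil.example/",
    "https://airflow.example.internal/dags",
    "http://airflow.example.internal/dags",
    "https://airflow.example.internal@evil.example/",
    "javascript:alert(1)",
]


def evaluate(candidates=CANDIDATES) -> dict:
    """Map each candidate to (naive_verdict, hardened_verdict)."""
    return {c: (is_safe_url_naive(c), is_safe_url(c)) for c in candidates}


if __name__ == "__main__":
    for target, (naive, hardened) in evaluate().items():
        print(f"{target!r:50} naive={naive!s:5} hardened={hardened}")
```

Resolving with `urljoin` before comparing is what turns `//evil.example/` into an absolute URL whose host visibly differs from the base; comparing the raw string would miss it. The scheme equality check also refuses a downgrade from https to http on the same host.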
Finally, CVE-2026-40961 (login redirects) and CVE-2026-40861 (log directory manipulation) are explicitly noted as fixed in apache-airflow 3.2.2 or later; fixed versions for the remaining issues are not given here, so each advisory should be checked against the deployed version. The breadth of these vulnerabilities underscores the importance of timely patching and security reviews for all Airflow deployments.