CVE-2026-30912
published 2026-04-18CVE-2026-30912: In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | airflow | < 3.2.0 | 3.2.0 |
| apache_software_foundation | apache_airflow | < 3.2.0 | 3.2.0 |