Apache Airflow vulnerabilities

CVE-2026-30911 [HIGH] CWE-862 CVE-2026-30911: Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this i

CVE-2026-28779 [HIGH] CWE-668 CVE-2026-28779: Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regar Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itsel

CVE-2026-26929 [MEDIUM] CWE-732 CVE-2026-26929: Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG au Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users are recommended to upgrade to Apache Airflow 3.1.8

CVE-2026-28563 [MEDIUM] CWE-732 CVE-2026-28563: Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependenc Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which reso

CVE-2024-56373 [HIGH] CWE-94 CVE-2024-56373: DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in th DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. T

CVE-2025-27555 [MEDIUM] CVE-2025-27555: Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log a Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is l

CVE-2025-65995 [MEDIUM] CWE-209 CVE-2025-65995: When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue has been fixed in Airflow 3.1.4 and 2.11.1, and use

CVE-2026-24098 [MEDIUM] CWE-200 CVE-2026-24098: Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with per Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

CVE-2026-22922 [MEDIUM] CWE-648 CVE-2026-22922: Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenti Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

CVE-2025-68675 [HIGH] CWE-532 CVE-2025-68675: In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs,

CVE-2025-68438 [HIGH] CWE-200 CVE-2025-68438: In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_te In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets

CVE-2025-66388 [MEDIUM] CWE-201 CVE-2025-66388: A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered t A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CVE-2025-62402 [MEDIUM] CWE-250 CVE-2025-62402: API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

CVE-2025-54941 [MEDIUM] CWE-78 CVE-2025-54941: An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redir An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or the example dag code copied to build your own similar dag. If you used the `example_dag_decorator`

CVE-2025-62503 [MEDIUM] CWE-250 CVE-2025-62503: User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing rec User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.

CVE-2025-54831 [MEDIUM] CWE-213 CVE-2025-54831: Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The in Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could

CVE-2024-45784 [HIGH] CWE-1295 CVE-2024-45784: Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configurat Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compr

CVE-2024-50378 [MEDIUM] CWE-201 CVE-2024-50378: Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log a Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limit

CVE-2024-45498 [HIGH] CWE-116 CVE-2024-45498: Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerabi Example DAG: example_inlet_event_extra.py shipped with Apache Airflow version 2.10.0 has a vulnerability that allows an authenticated attacker with only DAG trigger permission to execute arbitrary commands. If you used that example as the base of your DAGs - please review if you have not copied the dangerous example; see https://github.com/apache/airf

CVE-2024-45034 [HIGH] CWE-250 CVE-2024-45034: Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local sett Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.