Apache Software Foundation Apache Airflow vulnerabilities

CVE-2026-33858 [HIGH] CWE-502 CVE-2026-33858: Dag Authors, who normally should not be able to execute code in the webserver context could craft XC Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.

CVE-2025-66236 CWE-532 CVE-2025-66236: Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model of Airflow did not suggest

CVE-2025-57735 [CRITICAL] CWE-613 CVE-2025-57735: When user logged out, the JWT token the user had authtenticated with was not invalidated, which coul When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario and possibility of intercepting the tokens, should

CVE-2026-34538 [MEDIUM] CWE-668 CVE-2026-34538: Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security model documentation that defines the Viewer role as read-on

CVE-2026-30911 [HIGH] CWE-862 CVE-2026-30911: Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this i

CVE-2026-28779 [HIGH] CWE-668 CVE-2026-28779: Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regar Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itsel

CVE-2026-26929 [MEDIUM] CWE-732 CVE-2026-26929: Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG au Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users are recommended to upgrade to Apache Airflow 3.1.8

CVE-2026-28563 [MEDIUM] CWE-732 CVE-2026-28563: Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependenc Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which reso

CVE-2024-56373 [HIGH] CWE-94 CVE-2024-56373: DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in th DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information. T

CVE-2025-27555 [MEDIUM] CWE-532 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the aud

CVE-2025-65995 [MEDIUM] CWE-209 CVE-2025-65995: When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue has been fixed in Airflow 3.1.4 and 2.11.1, and use

CVE-2026-24098 [MEDIUM] CWE-200 CVE-2026-24098: Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with per Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

CVE-2026-22922 [MEDIUM] CWE-648 CVE-2026-22922: Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenti Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

CVE-2025-68438 [HIGH] CWE-200 CVE-2025-68438: In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_te In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets

CVE-2025-68675 [HIGH] CWE-532 CVE-2025-68675: In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs,

CVE-2025-66388 [MEDIUM] CWE-201 CVE-2025-66388: A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered t A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CVE-2025-62402 [MEDIUM] CWE-250 CVE-2025-62402: API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

CVE-2025-62503 [MEDIUM] CWE-250 CVE-2025-62503: User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing rec User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action.

CVE-2025-54941 [MEDIUM] CWE-78 CVE-2025-54941: An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redir An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or the example dag code copied to build your own similar dag. If you used the `example_dag_decorator`

CVE-2025-54831 [MEDIUM] CWE-213 CVE-2025-54831: Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The in Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was unintentionally violated: sensitive connection information could