SB2026060498 - Multiple vulnerabilities in Apache Airflow

Published: June 4, 2026

Security Bulletin ID: SB2026060498
CSH Severity: High
Patch available: Yes
Number of vulnerabilities: 17
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 6%, Medium: 29%, Low: 65%

Description

This security bulletin contains information about 17 vulnerabilities.


1) Link following (CVE-ID: CVE-2026-40861)

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to read arbitrary files.

The vulnerability exists due to improper link resolution in FileTaskHandler when processing task log paths. A remote user can create a symlink under a task log directory to read arbitrary files.

Only deployments where the worker log folder is shared with the API server are affected.
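As an added illustration for entry 1 (this is not Airflow's FileTaskHandler code), the check a log-serving component needs: resolve the requested log path with symlinks followed and refuse anything that lands outside the base log folder. Function and directory names are assumptions.

```python
import os
import tempfile

# Added example, not Airflow's own FileTaskHandler code: resolve a requested
# task-log path strictly inside the base log folder and refuse any symlink
# that escapes it. Function and directory names are assumptions.


def resolve_log_path(base_log_folder: str, relative_log_path: str) -> str:
    """Return the real path of the requested log file, raising PermissionError
    if it resolves (after following symlinks and '..') outside the folder."""
    if os.path.isabs(relative_log_path):
        raise PermissionError("absolute log paths are not allowed")
    base_real = os.path.realpath(base_log_folder)
    # realpath follows every symlink component, so a link planted under the
    # log folder that points elsewhere resolves to its real destination here.
    target_real = os.path.realpath(os.path.join(base_real, relative_log_path))
    if os.path.commonpath([base_real, target_real]) != base_real:
        raise PermissionError(f"log path escapes log folder: {relative_log_path}")
    return target_real


def demo() -> tuple:
    """Constructed scenario: a genuine log file next to a symlink that points
    outside the log tree. Returns (genuine_served, symlink_blocked)."""
    with tempfile.TemporaryDirectory() as root:
        logs = os.path.join(root, "logs")
        task_dir = os.path.join(logs, "dag_a", "task_1")
        os.makedirs(task_dir)
        outside = os.path.join(root, "outside-secret.txt")
        with open(outside, "w") as fh:
            fh.write("not a task log\n")
        genuine = os.path.join(task_dir, "attempt=1.log")
        with open(genuine, "w") as fh:
            fh.write("task output\n")
        os.symlink(outside, os.path.join(task_dir, "attempt=2.log"))

        served = resolve_log_path(logs, "dag_a/task_1/attempt=1.log")
        genuine_served = served == os.path.realpath(genuine)
        try:
            resolve_log_path(logs, "dag_a/task_1/attempt=2.log")
            symlink_blocked = False
        except PermissionError:
            symlink_blocked = True
    return genuine_served, symlink_blocked


if __name__ == "__main__":
    print(demo())
```

Checking the resolved path does not close the window between the check and the later open; opening the final component with O_NOFOLLOW, or re-checking the opened descriptor with fstat, closes it.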


2) Open redirect (CVE-ID: CVE-2026-40961)

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to redirect users to an attacker-controlled origin.

The vulnerability exists due to improper input validation in the login redirect route when handling crafted login URLs with a manipulated next= parameter. A remote user can craft a URL that bypasses the is_safe_url check to redirect users to an attacker-controlled origin.
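As an added illustration for entry 2 (not Airflow's is_safe_url), a strict post-login redirect check that accepts only a same-origin path and treats scheme, authority, protocol-relative and backslash forms as unsafe. Function names are assumptions.

```python
from typing import Optional
from urllib.parse import urlsplit

# Added example, not Airflow's own is_safe_url: accept a post-login "next"
# target only when it is a plain path on this origin. Names are assumptions.


def is_safe_next_target(next_value: str) -> bool:
    """True only for an absolute path on this server such as "/dags/my_dag"."""
    if not next_value:
        return False
    # Control characters and whitespace are stripped or normalised by
    # browsers, and backslashes are treated as "/" by some; reject all of them.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in next_value) or "\\" in next_value:
        return False
    parts = urlsplit(next_value)
    # Any scheme ("https:", "javascript:") or any authority ("//evil.example")
    # means the target leaves this origin.
    if parts.scheme or parts.netloc:
        return False
    # Must be rooted on this server and must not be protocol-relative.
    return next_value.startswith("/") and not next_value.startswith("//")


def login_redirect_target(next_value: Optional[str], default: str = "/") -> str:
    """Where to send the user after login; unsafe or missing targets fall back."""
    if next_value is not None and is_safe_next_target(next_value):
        return next_value
    return default
```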


3) Improper access control (CVE-ID: CVE-2026-40963)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the structure_data endpoint when handling requests for linked Dag dependency data. A remote user can send a request for dependency graph data to disclose sensitive information.

This affects deployments that rely on per-Dag read scoping to keep Dag dependency topology private across teams.


4) Improper access control (CVE-ID: CVE-2026-41014)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in /ui/partitioned_dag_runs endpoints when handling UI or API requests. A remote user can query the endpoints to disclose sensitive information.

The issue affects deployments that rely on per-Dag read scoping while granting users broader Asset:read access.


5) Improper Certificate Validation (CVE-ID: CVE-2026-49267)

CWE-ID: CWE-295 - Improper Certificate Validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to disclose SMTP authentication credentials and email contents.

The vulnerability exists due to improper certificate validation in EmailOperator and airflow.utils.email when establishing SMTP STARTTLS connections. A remote attacker can present a self-signed certificate in a machine-in-the-middle position to disclose SMTP authentication credentials and email contents.

Only deployments with smtp_starttls enabled and smtp_ssl disabled are vulnerable, and the SMTP relay must be reachable across a less-trusted network segment than the worker.


6) Improper access control (CVE-ID: CVE-2026-41084)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to modify Task Instance state across DAG boundaries.

The vulnerability exists due to improper access control in the bulk Task Instances API endpoint when handling PATCH or DELETE requests that include request-body entity fields for dag_id and dag_run_id. A remote user can send a specially crafted API request to modify Task Instance state across DAG boundaries.

This issue affects deployments that rely on per-DAG edit scope to isolate Task Instance state between teams.


7) Command injection (CVE-ID: CVE-2026-42252)

CWE-ID: CWE-77 - Command injection

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to command injection in BashOperator bash_command templating when processing user-supplied dag_run.conf values from the trigger API. A remote user can supply a specially crafted conf value to execute arbitrary code.

Exploitation requires a deployment whose DAG code copied the documented pattern of templating dag_run.conf values directly into bash_command, and a user with Dag.can_trigger permission on the affected DAG.


8) Information disclosure (CVE-ID: CVE-2026-42360)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper masking of sensitive information in rendered-template field handling when processing structured JSON templates that exceed the configured maximum templated field length. A remote user can read rendered template fields through the UI or API to disclose sensitive information.

Only deployments where DAG authors pass structured JSON to operators with nested sensitive keys are affected.


9) Information disclosure (CVE-ID: CVE-2026-42358)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper redaction logic in Variable response masker when processing deeply nested JSON Variable values. A remote user can read Variable values containing sensitive keys nested beyond the recursion limit to disclose sensitive information.

Only deployments that store sensitive values inside deeply nested JSON Variables are affected.
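As an added illustration of the two failure modes in entries 8 and 9 (not Airflow's own masker), a redaction routine that masks sensitive keys at any depth without a recursion limit and is applied before a rendered field is serialised and truncated. The sensitive-name set, function names and sample input are constructed for this example.

```python
import json
from typing import Any

# Added example, not Airflow's own masker: mask every value stored under a
# sensitive key name at any nesting depth, with no recursion limit, and do it
# before a rendered field is serialised and truncated. Names are assumptions.

SENSITIVE_KEYS = {"password", "secret", "token", "api_key", "private_key"}
MASK = "***"


def redact(value: Any) -> Any:
    """Return a copy of value with sensitive keys masked at any depth.
    Uses an explicit stack, so depth is bounded only by memory."""
    root: Any = [None]
    stack = [(root, 0, value)]  # (container to fill, key, original node)
    while stack:
        parent, key, orig = stack.pop()
        if isinstance(orig, dict):
            copy: Any = {}
            for k, v in orig.items():
                if str(k).lower() in SENSITIVE_KEYS:
                    copy[k] = MASK  # mask the whole value, scalar or subtree
                else:
                    stack.append((copy, k, v))
        elif isinstance(orig, list):
            copy = [None] * len(orig)
            stack.extend((copy, i, v) for i, v in enumerate(orig))
        else:
            copy = orig
        parent[key] = copy
    return root[0]


def render_field(value: Any, max_length: int = 64) -> str:
    """Serialise a templated field for display: redact first, then truncate,
    so a too-long field never falls back to the unmasked original."""
    text = json.dumps(redact(value), sort_keys=True)
    if len(text) > max_length:
        return text[:max_length] + "...(truncated)"
    return text


def nested_secret(depth: int) -> dict:
    """Constructed input: a password buried `depth` levels under "config"."""
    inner: Any = {"password": "hunter2", "host": "db.internal"}
    for _ in range(depth):
        inner = {"config": inner}
    return inner
```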


10) Improper access control (CVE-ID: CVE-2026-46764)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose audit-log entries for other Dag scopes.

The vulnerability exists due to improper access control in the Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` when handling requests for event log records by numeric ID. A remote user can guess or enumerate event log IDs to disclose audit-log entries for other Dag scopes.

This affects deployments that rely on per-Dag audit-log scoping.


11) Improper Authorization (CVE-ID: CVE-2026-45426)

CWE-ID: CWE-285 - Improper Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the log server JWT authorization logic when handling log access requests for Dag IDs. A remote user can use a valid log-server JWT issued for one Dag to access the worker logs of other Dags whose IDs share the same prefix once characters outside the permitted set are stripped, and so disclose sensitive information.

Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid log-server JWT issued for at least one Dag. This affects deployments relying on per-Dag log-access scoping.


12) Code Injection (CVE-ID: CVE-2026-45360)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary code in the scheduler process.

The vulnerability exists due to improper control of dynamically managed code resources in SerializedCustomReference.deserialize_reference when deserializing DAG-author-controlled deadline references. A remote user can supply a crafted serialized class path to execute arbitrary code in the scheduler process.

The issue affects deployments where DAG-author code is less trusted than the scheduler process, and is exposed by default on single-host deployments where the DAG bundle is importable from the scheduler process.


13) Input validation error (CVE-ID: CVE-2026-42359)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper input validation in the XCom PATCH endpoint when handling crafted PATCH requests to update XCom entries under reserved key names with serialized payloads. A remote user can send a specially crafted PATCH request to execute arbitrary code.

Exploitation requires XCom write permission on a Dag, and the affected task must later defer to the triggerer.


14) Sensitive Cookie in HTTPS Session Without 'Secure' Attribute (CVE-ID: CVE-2026-41017)

CWE-ID: CWE-614 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to hijack a user's authenticated session.

The vulnerability exists due to improper cookie security attribute configuration in JWTRefreshMiddleware when setting the JWT authentication cookie behind an HTTPS-terminating reverse proxy. A remote attacker can induce a logged-in user's browser to send a cleartext HTTP request, capture the JWT cookie, and hijack the user's authenticated session.

Exploitation requires the deployment to be behind a TLS-terminating proxy and interaction from a logged-in user.


15) Information disclosure (CVE-ID: CVE-2026-45192)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper access control in the GET /api/v2/connections/{connection_id} REST API endpoint when returning Connection extra JSON fields. A remote user can send a request for a connection record to disclose sensitive information.

The issue affects secrets stored in a Connection's extra JSON blob under field names not present in the redaction allowlist, and user access to read the connection is required.


16) Insufficient Session Expiration (CVE-ID: CVE-2026-48726)

CWE-ID: CWE-613 - Insufficient Session Expiration

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to make authenticated API calls as a logged-out user.

The vulnerability exists due to improper session expiration in the logout handling of FabAuthManager and KeycloakAuthManager: a previously issued JWT is not invalidated on logout. A remote user can use such a token to make authenticated API calls as the logged-out user.

Only deployments configured with FabAuthManager or KeycloakAuthManager are affected; SimpleAuthManager is not affected.


17) Information disclosure (CVE-ID: CVE-2026-49298)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to access and misuse execution API capabilities.

The vulnerability exists because KubernetesExecutor passes worker pod JWT tokens as command-line arguments, which are visible through pod metadata. A remote user can read pod details to harvest a JWT token and call state-mutating execution API endpoints, gaining access to and misusing execution API capabilities.

Exploitation requires an authenticated UI or API account and Kubernetes read-only access such as permission to view pod details in the Airflow namespace. Only deployments using the KubernetesExecutor are affected.


Remediation

Install the update from the vendor's website.

References