Vulnerability Details CVE-2026-27173
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 5.2%
CVSS Severity
CVSS v3 Score 8.7
Products affected by CVE-2026-27173
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:1.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:1.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:1.0.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:1.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:1.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.10.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.11.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.11.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.12.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.12.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.12.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.12.3
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.12.4
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.13.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.14.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.15.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.16.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.16.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.3.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.3.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.4.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.4.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.4.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.4.3
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.5.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.6.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.6.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.6.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.7.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.8.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.8.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.8.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:10.9.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:2.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:2.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:2.0.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:2.0.3
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:2.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:2.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:3.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:3.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:3.0.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:3.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:3.1.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:3.1.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:4.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:4.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:4.0.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:4.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:4.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:4.3.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:4.4.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:5.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:5.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:5.1.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:5.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:5.2.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:5.2.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:5.3.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:6.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:6.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:6.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.10.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.11.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.12.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.13.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.14.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.3.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.4.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.4.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.4.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.5.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.5.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.6.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.7.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.8.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:7.9.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.0.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.1.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.1.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.2.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.3.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.3.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.3.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.3.3
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.3.4
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.4.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.4.1
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:8.4.2
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:9.0.0
-
cpe:2.3:a:apache:apache-airflow-providers-cncf-kubernetes:9.0.1