Vulnerability Details CVE-2026-49818
The Apache Airflow Samba provider's `GCSToSambaOperator` joined GCS object names to the SMB destination path without a containment check, so an object named with `../` segments resolved a write path outside the configured `destination_path`. An attacker able to write objects into the source GCS bucket — typically an external data producer distinct from the trusted DAG author — could write files to arbitrary locations on the Samba target when the operator ran. Upgrade apache-airflow-providers-samba to 4.12.6 or later, which validates the resolved destination stays within `destination_path`.
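The containment check described above, as an added example that is not the provider's own code: it assumes `destination_path` names a directory on the share, and the function names and sample object names are hypothetical and constructed for illustration. It shows the unchecked join beside a checked version that also handles absolute names, backslash separators and a sibling directory sharing the base's prefix.

```python
import posixpath


def naive_destination(destination_path: str, object_name: str) -> str:
    """Pattern the advisory describes: join and normalise, no containment check."""
    return posixpath.normpath(posixpath.join(destination_path, object_name))


def contained_destination(destination_path: str, object_name: str) -> str:
    """Resolve the write path and refuse anything outside destination_path."""
    base = posixpath.normpath(destination_path)
    # SMB uses backslash separators, so fold them to '/' before resolving
    # (conservative assumption about how the target interprets the name).
    name = object_name.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(base, name))
    # Compare against base plus a trailing separator so that a sibling such as
    # /share/incoming-archive does not pass as a prefix match of /share/incoming.
    prefix = base if base.endswith("/") else base + "/"
    if candidate == base or not candidate.startswith(prefix):
        raise ValueError(f"object name {object_name!r} resolves outside {base!r}")
    return candidate


def rejected_names(destination_path: str, object_names: list[str]) -> list[str]:
    """Return the object names a pre-flight check would refuse to copy."""
    bad = []
    for name in object_names:
        try:
            contained_destination(destination_path, name)
        except ValueError:
            bad.append(name)
    return bad


# Constructed sample listing, not taken from any real bucket.
SAMPLE_OBJECTS = [
    "reports/2024/a.csv",         # ordinary nested object
    "reports/../a.csv",           # dot-dot that still stays inside the base
    "../../outside/a.csv",        # climbs above the base
    "../incoming-archive/a.csv",  # sibling directory sharing the base's prefix
    "/outside/a.csv",             # absolute name: join() discards the base
    "..\\..\\outside\\a.csv",     # backslash-separated traversal
    "",                           # resolves to the base directory itself
]

if __name__ == "__main__":
    print(naive_destination("/share/incoming", "../../outside/a.csv"))
    print(rejected_names("/share/incoming", SAMPLE_OBJECTS))
```

Running `rejected_names` over a bucket listing before the operator executes gives a quick audit of object names that would have escaped the destination on an unpatched provider.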
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.9%
CVSS Severity
CVSS v3 Score 6.5
Products affected by CVE-2026-49818
- cpe:2.3:a:apache:apache-airflow-providers-samba:1.0.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:1.0.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:2.0.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:3.0.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:3.0.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:3.0.2
- cpe:2.3:a:apache:apache-airflow-providers-samba:3.0.3
- cpe:2.3:a:apache:apache-airflow-providers-samba:3.0.4
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.0.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.1.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.10.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.10.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.10.2
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.10.3
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.11.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.11.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.12.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.12.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.12.2
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.12.3
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.12.4
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.12.5
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.2.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.2.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.2.2
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.3.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.4.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.5.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.6.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.7.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.7.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.8.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.9.0
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.9.1
- cpe:2.3:a:apache:apache-airflow-providers-samba:4.9.2