Vulnerabilities
Vulnerable Software
Apache:  >> Airflow  >> 3.1.6  Security Vulnerabilities
Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.
CVSS Score
8.1
EPSS Score
0.004
Published
2026-03-17
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue
CVSS Score
6.5
EPSS Score
0.007
Published
2026-02-09
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.
CVSS Score
6.5
EPSS Score
0.004
Published
2026-02-09


Contact Us

Shodan ® - All rights reserved