Vulnerabilities
Vulnerable Software
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.
CVSS Score
8.7
EPSS Score
0.002
Published
2026-05-19
Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this manner.  Operators should upgrade to provider version 7.0.0 which has removed the vulnerability.
CVSS Score
7.2
EPSS Score
0.015
Published
2023-05-30


Contact Us

Shodan ® - All rights reserved