Apache: >> Airflow >> 2.10.3 Security Vulnerabilities
Apache Airflow versions before 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to.
Users are advised to upgrade to 3.1.7 or later, which resolves this issue
CVSS Score
6.5
EPSS Score
0.0
Published
2026-02-09
In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later, which fixes this issue
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-16