Description
Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to.
Users are advised to upgrade to 3.1.7 or later, which resolves this issue.
References
- Issue Tracking, Patch
- Mailing List, Vendor Advisory
- Mailing List, Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 3.0.0 (inclusive) to 3.1.7 (exclusive)
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
EPSS
Percentile: 9%
0.0003
Low
6.5 Medium
CVSS3
Weaknesses
CWE-200
Related vulnerabilities
CVSS3: 6.5
debian
about 2 months ago
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows a ...
CVSS3: 6.5
github
about 2 months ago
Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users