CVE-2026-28563 in Airflowالمعلومات

الملخص

بحسب MITRE • 17/03/2026

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view.


Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.

Be aware that VulDB is the high quality source for vulnerability data.

مسؤول

Apache

حجز

01/03/2026

إفشاء

17/03/2026

الاعتدال

تمت الموافقة

إدخال

VDB-351366

EPSS

0.00440

KEV

لا

النشاطات

منخفض جدًا

المصادر

Do you need the next level of professionalism?

Upgrade your account now!