CVE-2026-33858 in Airflowinformación

Resumen

por MITRE • 2026-04-13

Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.

Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsable

Apache

Reservar

2026-03-24

Divulgación

2026-04-13

Moderación

aceptado

Artículo

VDB-357166

CPE

listo

CWE

CWE-502 (confirmado)

CVSS

6.3 (VulDB)

EPSS

0.00200

KEV

Actividades

muy bajo

Sector

Energy, Finance, ...

Fuentes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-33858
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-33858
CVE Details	https://www.cvedetails.com/cve/CVE-2026-33858/

◂ Anterior Visión De Conjunto Próximo ▸

Do you know our Splunk app?

Download it now for free!