CVE-2026-26929 in Airflow정보

요약

\~에 의해 MITRE • 2026. 03. 17.

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned.

Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

Apache

예약하다

2026. 02. 16.

공개

2026. 03. 17.

모더레이션

수락

항목

VDB-351368

CPE

준비됨

CWE

CWE-732 (확인됨)

CVSS

6.5 (CISA-ADP)

EPSS

0.00054

KEV

아니요

활동

매우 낮음

부문

Lawfirm, Police, ...

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-26929
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-26929
CVE Details	https://www.cvedetails.com/cve/CVE-2026-26929/

◂ 이전 개요 다음 ▸

Do you need the next level of professionalism?

Upgrade your account now!