CNNVD-202601-2708 Information

CNNVD ID

CNNVD-202601-2708

CVE-2025-68438

  • CNNVD Published: 2026-01-16

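Description (translated from Chinese)

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability and dynamic monitoring. Apache Airflow versions before 3.1.6 contain a security vulnerability: user-registered mask_secret patterns are not included when template fields are rendered, which may expose sensitive values in clear text in the Rendered Templates UI.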

Description (English)

Apache Airflow is an open-source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform is scalable and supports dynamic monitoring. Versions of Apache Airflow before 3.1.6 have a security vulnerability: the rendering of template fields did not include the mask_secret patterns registered by the user, which could expose sensitive values in the Rendered Templates UI.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Apache

Published

2026-01-16

Last Modified

2026-02-24

References

https://lists.apache.org/thread/55n7b4nlsz3vo5n4h5lrj9bfsk8ctyff
http://www.openwall.com/lists/oss-security/2026/01/15/5
https://access.redhat.com/security/cve/cve-2025-68438

Patch

https://lists.apache.org/thread/55n7b4nlsz3vo5n4h5lrj9bfsk8ctyff
