CNNVD-202602-1346 Information

Feb 09, 2026 cve

CNNVD ID

CNNVD-202602-1346

CVE-2026-22922

CNNVD Published: 2026-02-09

Description (Chinese)

Apache Airflow是美国阿帕奇（Apache）基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 3.1.0版本至3.1.6版本存在安全漏洞，该漏洞源于授权缺陷，可能导致具有自定义任务访问权限的已认证用户查看其无权访问的任务日志。

Description (English)

Apache Airflow is an open-source platform for the Apache Foundation in the United States with the function of creating, managing and monitoring workflows. The platform has such characteristics as scalable and dynamic monitoring. There is a security gap between Appache AirFlow, Versions 3.1.06 and 3.1.6, which stems from a mandate deficiency and may lead accredited users with custom mission access to mission logs that they are not authorized to access.

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-02-09

Last Modified

2026-02-24

References

https://github.com/apache/airflow/pull/60412 http://www.openwall.com/lists/oss-security/2026/02/09/2 https://lists.apache.org/thread/gdb7vffhpmrj5hp1j0oj1j13o4vmsq40 https://access.redhat.com/security/cve/cve-2026-22922

Patch

https://airflow.apache.org/

Share on: