CNNVD-202602-1348 Information

Feb 09, 2026 cve

CNNVD ID

CNNVD-202602-1348

CVE-2026-24098

CNNVD Published: 2026-02-09

Description (Chinese)

Apache Airflow是美国阿帕奇（Apache）基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 3.1.7之前版本存在安全漏洞，该漏洞源于具有特定Dag权限的已认证UI用户可以查看其无权访问的其他Dag生成的导入错误。

Description (English)

Apache Airflow is an open-source platform for the Apache Foundation in the United States with the function of creating, managing and monitoring workflows. The platform has such characteristics as scalable and dynamic monitoring. There was a security loophole in the previous version of Apache AirFlow 3.1.7 from the import errors generated by the other Dag that the accredited UI users with specific Dag privileges could view.

Vulnerability Type

其他

Affected Vendor

阿帕奇

Published

2026-02-09

Last Modified

2026-02-24

References

http://www.openwall.com/lists/oss-security/2026/02/09/3 https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x https://github.com/apache/airflow/pull/60801 https://access.redhat.com/security/cve/cve-2026-24098

Patch

https://airflow.apache.org/

Share on: