CVE-2026-24098

Source
https://cve.org/CVERecord?id=CVE-2026-24098
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24098.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-24098
Aliases
Downstream
Published
2026-02-09T11:16:14.660Z
Modified
2026-03-14T15:05:49.895512Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they do not have access to.

Users are advised to upgrade to 3.1.7 or later, which resolves this issue.

References

Affected packages

Git / github.com/apache/airflow

Affected ranges

Type
GIT
Repo
https://github.com/apache/airflow
Events
Database specific
{
    "versions": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.1.7"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24098.json"