PYSEC-2026-1150

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-microsoft-mssql/PYSEC-2026-1150.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1150
Aliases
Published
2026-07-07T11:45:19.357379Z
Modified
2026-07-07T17:46:21.279248999Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability
Details

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use get_sqlalchemy_connection and someone with access to connection resources specifically updating the connection to exploit it.

This issue affects Apache Airflow ODBC Provider: before 4.0.0; Apache Airflow MSSQL Provider: before 3.4.1.

It is recommended to upgrade to a version that is not affected

References

Affected packages

PyPI / apache-airflow-providers-microsoft-mssql

Package

Name
apache-airflow-providers-microsoft-mssql
View open source insights on deps.dev
Purl
pkg:pypi/apache-airflow-providers-microsoft-mssql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.1

Affected versions

1.*
1.0.0b1
1.0.0b2
1.0.0rc1
1.0.0
1.0.1rc1
1.0.1
1.1.0rc1
1.1.0
2.*
2.0.0rc1
2.0.0rc2
2.0.0
2.0.1rc1
2.0.1
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.1.2rc1
2.1.2
2.1.3rc1
2.1.3
3.*
3.0.0rc1
3.0.0rc2
3.0.0
3.1.0rc1
3.1.0
3.2.0rc1
3.2.0rc2
3.2.0rc3
3.2.0
3.2.1rc1
3.2.1
3.3.0rc1
3.3.0
3.3.1rc2
3.3.1rc3
3.3.1
3.3.2rc1
3.3.2rc2
3.3.2
3.4.0rc1
3.4.0rc2
3.4.0
3.4.1rc1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-microsoft-mssql/PYSEC-2026-1150.yaml"