PYSEC-2026-1151

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-mysql/PYSEC-2026-1151.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-1151
Aliases
Published
2026-07-07T14:34:50.999793Z
Modified
2026-07-07T17:46:28.398718438Z
Severity
  • 6.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 5.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Apache Airflow MySQL Provider is Vulnerable to SQL Injection
Details

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Airflow MySQL Provider.

When user triggered a DAG with dumpsql or loadsql functions they could pass a table parameter from a UI, that could cause SQL injection by running SQL that was not intended. It could lead to data corruption, modification and others. This issue affects Apache Airflow MySQL Provider: before 6.2.0.

Users are recommended to upgrade to version 6.2.0, which fixes the issue.

References

Affected packages

PyPI / apache-airflow-providers-mysql

Package

Name
apache-airflow-providers-mysql
View open source insights on deps.dev
Purl
pkg:pypi/apache-airflow-providers-mysql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.2.0

Affected versions

1.*
1.0.0b1
1.0.0b2
1.0.0rc1
1.0.0
1.0.1rc1
1.0.1
1.0.2rc1
1.0.2
1.1.0rc1
1.1.0
2.*
2.0.0rc1
2.0.0rc2
2.0.0
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.2.0rc1
2.2.0rc2
2.2.0
2.2.1rc1
2.2.1
2.2.2rc1
2.2.2
2.2.3rc1
2.2.3
3.*
3.0.0rc1
3.0.0rc2
3.0.0
3.1.0rc1
3.1.0
3.2.0rc1
3.2.0rc2
3.2.0rc3
3.2.0
3.2.1rc1
3.2.1
3.3.0rc1
3.3.0
3.4.0rc2
3.4.0rc3
3.4.0
4.*
4.0.0rc1
4.0.0
4.0.1rc1
4.0.1
4.0.2rc1
4.0.2
5.*
5.0.0rc1
5.0.0
5.1.0rc1
5.1.0rc2
5.1.0
5.1.1rc1
5.1.1
5.2.0rc1
5.2.0
5.2.1rc1
5.2.1
5.3.0rc1
5.3.0
5.3.1rc1
5.3.1
5.4.0rc1
5.4.0
5.5.0rc1
5.5.0
5.5.1rc1
5.5.1
5.5.2rc1
5.5.2rc2
5.5.2
5.5.3rc1
5.5.3
5.5.4rc1
5.5.4
5.6.0rc1
5.6.0
5.6.1rc1
5.6.1
5.6.2rc1
5.6.2
5.6.3rc1
5.6.3
5.7.0rc1
5.7.0
5.7.1rc1
5.7.1
5.7.2rc1
5.7.2
5.7.3rc1
5.7.3
5.7.4rc1
5.7.4
6.*
6.0.0rc1
6.0.0rc2
6.0.0
6.1.0rc1
6.1.0
6.2.0rc1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-mysql/PYSEC-2026-1151.yaml"