PYSEC-2026-12

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2026-12.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-12
Aliases
Published
2026-02-09T11:16:14.660Z
Modified
2026-06-10T17:00:26.540320259Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to.

Users are advised to upgrade to 3.1.7 or later, which resolves this issue

References

Affected packages

PyPI / apache-airflow

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.1.7

Affected versions

3.*
3.0.0
3.0.1rc1
3.0.1
3.0.2rc1
3.0.2rc2
3.0.2
3.0.3rc1
3.0.3rc2
3.0.3rc3
3.0.3rc4
3.0.3rc5
3.0.3rc6
3.0.3
3.0.4rc1
3.0.4rc2
3.0.4
3.0.5rc1
3.0.5rc2
3.0.5rc3
3.0.5
3.0.6rc1
3.0.6rc2
3.0.6
3.1.0b1
3.1.0b2
3.1.0rc1
3.1.0rc2
3.1.0
3.1.1rc1
3.1.1rc2
3.1.1
3.1.2rc1
3.1.2rc2
3.1.2
3.1.3rc1
3.1.3
3.1.4rc1
3.1.4rc2
3.1.4
3.1.5rc1
3.1.5
3.1.6rc1
3.1.6
3.1.7rc1
3.1.7rc2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2026-12.yaml"