PYSEC-2026-218

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-sftp/PYSEC-2026-218.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-218
Aliases
Published
2026-06-17T13:20:47.213Z
Modified
2026-06-18T14:56:23.599374473Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

A path traversal in the SFTP provider (SFTPHook.retrieve_directory / SFTPOperator(operation=get)) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is any deployment downloading directories from an untrusted SFTP server. Upgrade apache-airflow-providers-sftp to 5.8.1 or later.
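
The defensive check this advisory implies, as an added example that is not the provider's own fix: resolve every remote directory-entry name against the local destination root and refuse any entry that would land outside it. The destination path, the function names and the sample listing below are constructed for illustration.

```python
import os


def safe_local_path(dest_dir: str, entry_name: str) -> str:
    """Return the local path for a remote entry, or raise ValueError if the
    name would resolve outside dest_dir (the path-traversal case)."""
    dest_root = os.path.realpath(dest_dir)
    # An SFTP listing may contain the pseudo-entries "." and ".."; never
    # turn those, or an empty name, into a local file.
    if entry_name in ("", ".", ".."):
        raise ValueError(f"refusing pseudo-entry {entry_name!r}")
    # os.path.join silently discards dest_root when entry_name is absolute,
    # so resolve the joined path and compare it to the root afterwards.
    candidate = os.path.realpath(os.path.join(dest_root, entry_name))
    if os.path.commonpath([dest_root, candidate]) != dest_root:
        raise ValueError(f"entry {entry_name!r} escapes {dest_root}")
    return candidate


def filter_listing(dest_dir: str, entry_names):
    """Split a remote listing into names safe to write under dest_dir and
    names that must be rejected. Returns (accepted, rejected)."""
    accepted, rejected = [], []
    for name in entry_names:
        try:
            safe_local_path(dest_dir, name)
            accepted.append(name)
        except ValueError:
            rejected.append(name)
    return accepted, rejected


# Constructed listing, as a hostile server could return it. Only the first
# two entries should ever produce a file under the destination.
SAMPLE_LISTING = [
    "report.csv",          # ordinary file
    "nested/part-0.csv",   # file in a subdirectory, still inside dest
    "../escaped.txt",      # climbs out of the destination directory
    "/etc/hostname",       # absolute name: os.path.join would drop dest
    "..",                  # pseudo-entry
]

if __name__ == "__main__":
    ok, bad = filter_listing("/srv/airflow/downloads", SAMPLE_LISTING)
    print("accepted:", ok)   # ['report.csv', 'nested/part-0.csv']
    print("rejected:", bad)  # ['../escaped.txt', '/etc/hostname', '..']
```

The check is applied before any write, so a rejected entry is logged and skipped rather than partially fetched.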

References

Affected packages

PyPI / apache-airflow-providers-sftp

Package

Name
apache-airflow-providers-sftp
Purl
pkg:pypi/apache-airflow-providers-sftp

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
5.8.1

Affected versions

1.*
1.0.0b1
1.0.0b2
1.0.0rc1
1.0.0
1.1.0rc1
1.1.0
1.1.1rc1
1.1.1
1.2.0rc1
1.2.0
2.*
2.0.0rc1
2.0.0rc2
2.0.0
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.2.0rc1
2.2.0
2.3.0rc1
2.3.0
2.4.0rc1
2.4.0
2.4.1rc1
2.4.1
2.5.0rc1
2.5.0
2.5.1rc1
2.5.1
2.5.2rc1
2.5.2
2.6.0rc1
2.6.0
3.*
3.0.0rc1
3.0.0rc2
3.0.0
3.1.0rc1
4.*
4.0.0rc1
4.0.0
4.1.0rc1
4.1.0
4.2.0rc1
4.2.0
4.2.1rc1
4.2.1rc2
4.2.1
4.2.2rc1
4.2.2
4.2.3rc1
4.2.3
4.2.4rc1
4.2.4
4.3.0rc1
4.3.0rc2
4.3.0
4.3.1rc1
4.3.1
4.4.0rc1
4.4.0
4.5.0rc1
4.5.0
4.6.0rc1
4.6.0
4.6.1rc1
4.6.1
4.7.0rc1
4.7.0
4.8.0rc1
4.8.0
4.8.1rc1
4.8.1
4.9.0rc1
4.9.0
4.9.1rc1
4.9.1
4.10.0rc1
4.10.0
4.10.1rc1
4.10.1
4.10.2rc1
4.10.2
4.10.3rc1
4.10.3
4.11.0rc1
4.11.0
4.11.1rc1
4.11.1
5.*
5.0.0rc1
5.0.0rc2
5.0.0
5.1.0rc1
5.1.0
5.1.1rc1
5.1.1
5.1.2rc1
5.1.2
5.2.0rc1
5.2.0
5.2.1rc1
5.2.1
5.3.0rc1
5.3.0
5.3.1rc1
5.3.1
5.3.2rc1
5.3.2
5.3.3rc1
5.3.3
5.3.4rc1
5.3.4
5.4.0rc1
5.4.0
5.4.1rc1
5.4.1
5.4.2rc1
5.4.2
5.5.0rc1
5.5.0
5.5.1rc1
5.5.1
5.6.0rc1
5.6.0
5.7.0rc1
5.7.0
5.7.1rc1
5.7.1
5.7.2rc1
5.7.2
5.7.3rc1
5.7.3
5.7.4rc1
5.7.4
5.8.0rc1
5.8.0
5.8.1rc1

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-sftp/PYSEC-2026-218.yaml"