PYSEC-2026-773

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-docker/PYSEC-2026-773.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2026-773
Aliases
Published
2026-07-06T08:03:32.004381Z
Modified
2026-07-07T11:45:36.919909135Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Remote code execution in Apache Airflow Docker's Provider
Details

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above.

References

Affected packages

PyPI / apache-airflow-providers-docker

Package

Name
apache-airflow-providers-docker
View open source insights on deps.dev
Purl
pkg:pypi/apache-airflow-providers-docker

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.0

Affected versions

1.*
1.0.0b1
1.0.0b2
1.0.0rc1
1.0.0
1.0.1rc1
1.0.1
1.0.2rc1
1.0.2
1.1.0rc1
1.1.0
1.2.0rc1
1.2.0
2.*
2.0.0rc1
2.0.0rc2
2.0.0
2.1.0rc1
2.1.0rc2
2.1.0
2.1.1rc1
2.1.1
2.2.0rc1
2.2.0
2.3.0rc1
2.3.0
2.4.0rc1
2.4.0
2.4.1rc1
2.4.1rc2
2.4.1
2.5.0rc1
2.5.0
2.5.1rc1
2.5.1
2.5.2rc1
2.5.2
2.6.0rc1
2.6.0
2.7.0rc1
2.7.0
3.*
3.0.0rc1
3.0.0rc2

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow-providers-docker/PYSEC-2026-773.yaml"