Apache Airflow Multiple Vulnerabilities Advisory

CERT-Bund Security Advisories
Published March 16th, 2026
Detected March 17th, 2026

Summary

CERT-Bund has issued a security advisory for Apache Airflow, detailing multiple vulnerabilities with a CVSS score of 8.6. The advisory affects versions prior to 3.1.8 and impacts Linux and UNIX operating systems. Exploitation could lead to security bypass and information disclosure.

What changed

CERT-Bund has released security advisory WID-SEC-2026-0755 concerning multiple vulnerabilities in Apache Airflow, rated with a high CVSS base score of 8.6. The vulnerabilities affect Apache Airflow versions prior to 3.1.8 and can be exploited by remote attackers to bypass security measures and disclose information. The advisory applies to Linux and UNIX operating systems.

Organizations using affected versions of Apache Airflow should update to version 3.1.8 or later to mitigate these risks. While no specific compliance deadline is mentioned, prompt patching is recommended to prevent potential security breaches and data compromise. Failure to address these vulnerabilities could expose systems to unauthorized access and data exfiltration.

What to do next

  1. Update Apache Airflow to version 3.1.8 or later.
  2. Review system logs for any signs of exploitation.

Source document (simplified)

[WID-SEC-2026-0755] Apache Airflow: Multiple vulnerabilities

CVSS Base Score: 8.6 (high)
CVSS Temporal Score: 7.5 (high)
Remote attack: yes
Date: 16.03.2026
As of: 17.03.2026
Mitigation: yes

Affected systems

Operating system

  • Linux
  • UNIX

Product description

Apache Airflow is a platform for programmatically creating, scheduling and monitoring workflows.

Products

16.03.2026
- Apache Airflow <3.1.8

Attack

An attacker can exploit multiple vulnerabilities in Apache Airflow to bypass security measures and to disclose information.

Source

Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-Bund
Published
March 16th, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Technology companies
Geographic scope
de

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Topics
Software Vulnerabilities, Data Security
