CVE-2026-24098

medium Apache
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Published: February 9, 2026
Last Modified: March 11, 2026
Vendor: Apache
Source: NVD

Description

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

CWE

CWE-200

Affected Products

apache airflow

References

🔗 github.com 🔗 lists.apache.org 🔗 www.openwall.com