CVE-2026-24098

medium Apache
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 87% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
None
Availability
None
Published: February 9, 2026 (94 days ago)
Last Modified: March 11, 2026
Vendor: Apache
Source: NVD

Description

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

CWE

CWE-200

Affected Products

apache airflow

References

🔗 github.com 🔗 lists.apache.org 🔗 www.openwall.com