| CVE-2026-57111 | medium | — | Permissive Cross-Origin Resource Sharing (CORS) in the REST API (helix-rest, org.apache.helix.rest.s… | Jul 9, 2026 | Jul 9, 2026 |
| CVE-2026-41042 | medium | — | Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which exe… | Jul 8, 2026 | Jul 8, 2026 |
| CVE-2026-49487 | medium | 6.5 | In Apache Airflow before 3.3.0, the REST API task-instance detail and list
endpoints returned a defe… | Jul 7, 2026 | Jul 9, 2026 |
| CVE-2026-49296 | medium | 6.5 | Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Da… | Jul 7, 2026 | Jul 8, 2026 |
| CVE-2026-48892 | medium | 6.5 | The Config API in Apache Airflow surfaced per-key secrets-backend overrides (environment variables l… | Jul 7, 2026 | Jul 9, 2026 |
| CVE-2026-48891 | medium | 4.3 | A bug in Apache Airflow's `/ui/dependencies` scheduling graph endpoint applied the caller's readable… | Jul 7, 2026 | Jul 9, 2026 |
| CVE-2026-48828 | medium | 6.5 | The Bulk Variables API in Apache Airflow called the redactor without passing the variable's key, so … | Jul 7, 2026 | Jul 8, 2026 |
| CVE-2026-33264 | critical | 9.8 | A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-contro… | Jul 7, 2026 | Jul 8, 2026 |
| CVE-2026-43825 | high | 7.3 | Untrusted Java Deserialization in Apache OpenNLP SvmDoccatModel
Versions Affected:
before 3.0.0-M… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-49297 | high | 8.1 | Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-49042 | high | 7.3 | Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: from 4.8.… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-46588 | high | 7.3 | Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: through 4… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-46587 | high | 7.3 | Improper Input Validation vulnerability in Apache Camel.
This issue affects Apache Camel: through 4… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-56140 | critical | 9.8 | Improper Input Validation vulnerability in Apache Camel AWS SNS component.
The camel-aws2-sns comp… | Jul 6, 2026 | Jul 9, 2026 |
| CVE-2026-56139 | medium | 5.3 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Undertow … | Jul 6, 2026 | Jul 9, 2026 |
| CVE-2026-55994 | high | 7.5 | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side R… | Jul 6, 2026 | Jul 9, 2026 |
| CVE-2026-55993 | high | 7.5 | Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor, Server-Side R… | Jul 6, 2026 | Jul 9, 2026 |
| CVE-2026-53913 | critical | 9.8 | Improper Authentication, Missing Authentication for Critical Function, Not Failing Securely ('Failin… | Jul 6, 2026 | Jul 9, 2026 |
| CVE-2026-49365 | medium | 5.3 | Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTT… | Jul 6, 2026 | Jul 9, 2026 |
| CVE-2026-49099 | medium | 5.3 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), … | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-49098 | medium | 5.3 | Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstrea… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-49097 | medium | 6.5 | Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstrea… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-49086 | medium | 6.5 | Improper Input Validation, Unintended Proxy or Intermediary ('Confused Deputy') vulnerability in Apa… | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-48206 | medium | 5.3 | Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache … | Jul 6, 2026 | Jul 8, 2026 |
| CVE-2026-48205 | critical | 9.1 | Improper Input Validation, Server-Side Request Forgery (SSRF) vulnerability in Apache Camel DNS comp… | Jul 6, 2026 | Jul 8, 2026 |