Franco Cano Erazo

**Name of the Vulnerable Software and Affected Versions** Apache Airflow versions prior to 2.2.0 **Description** The issue affects users with "can create" permissions on DAG Runs, allowing them to create Dag Runs for dags they don't have "edit" permissions for. This is a specific case where the user's permissions do not align with the expected access control. **Recommendations** For versions prior to 2.2.0, update to version 2.2.0 or later to resolve the issue. As a temporary workaround, consider restricting the "can create" permissions on DAG Runs to only those users who also have "edit" permissions for the respective dags.