Apache Airflow · Apache Airflow Amazon Provider · CVE-2026-42526
**Name of the Vulnerable Software and Affected Versions**
apache-airflow-providers-amazon versions prior to 9.28.0
**Description**
In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a `conn_id` containing a `/` (for example, "my team/conn") to the same path as another team's team-scoped secret when the caller lacked team context. This allows a privileged caller without team context to retrieve secrets from another team by crafting a colliding `conn_id`. This issue only affects the experimental multi-tenant teams feature.
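A simplified model of the collision described above, as an added example that is not the provider's code. The function names, the prefix and the path layout are assumptions, and the checked variant shows one possible validation, not necessarily the fix shipped in 9.28.0.

```python
# Added illustration: a simplified model of team-scoped secret path building.
# build_path_naive / build_path_checked and the path layout are assumptions,
# not the Amazon provider's real implementation.
from typing import Optional

PREFIX = "airflow/connections"  # constructed sample prefix
SEP = "/"


def build_path_naive(conn_id: str, team: Optional[str] = None) -> str:
    """Join prefix, optional team and conn_id with no validation."""
    parts = [PREFIX] + ([team] if team else []) + [conn_id]
    return SEP.join(parts)


def build_path_checked(conn_id: str, team: Optional[str] = None) -> str:
    """Same layout, but refuse identifiers that can span path segments."""
    for label, value in (("conn_id", conn_id), ("team", team)):
        if value is not None and (not value or SEP in value):
            raise ValueError(f"{label} must be non-empty and must not contain {SEP!r}")
    return build_path_naive(conn_id, team)


def collides(builder, scoped: tuple, unscoped_conn_id: str) -> bool:
    """True if a caller with no team context reaches the team-scoped path."""
    conn_id, team = scoped
    try:
        return builder(unscoped_conn_id, None) == builder(conn_id, team)
    except ValueError:
        return False  # rejected before any lookup happens


if __name__ == "__main__":
    scoped = ("conn", "my team")  # constructed: team "my team", secret "conn"
    for builder in (build_path_naive, build_path_checked):
        print(builder.__name__, collides(builder, scoped, "my team/conn"))
```
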
**Recommendations**
Upgrade to version 9.28.0.