PT-2026-32366 · Airflow · Airflow

Amogh Desai +1 · Published 2026-04-13 · Updated 2026-04-16 · CVE-2025-66236

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Airflow versions prior to 3.2.0

Description

Lack of clarity regarding the responsibilities of the Deployment Manager in ensuring secure deployments. Certain assumptions about the security model, workload isolation, and JWT authentication were not explicit enough, which could lead to insecure configurations. The Deployment Manager is ultimately responsible for securing the deployment.

Recommendations

Upgrade to version 3.2.0.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BIT-AIRFLOW-2025-66236
CVE-2025-66236
GHSA-J86X-FWP2-QH7V
PYSEC-2026-8

Affected Products

Airflow