CVE-2026-30898

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

An example of BashOperator in Airflow documentation suggested a way of passing dag run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advice.

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-77

Related Identifiers

CVE-2026-30898

Affected Products

Apache Airflow

CVE-2026-30898

Weakness Enumeration

Related Identifiers

Affected Products

References · 4