PT-2026-33594 · Airflow · Airflow
Ahmad Abuzaid
+1
·
Published
2026-04-18
·
Updated
2026-04-21
·
CVE-2026-32228
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Airflow versions prior to 3.2.0
Description
A user with asset materialize permission via the UI or API can trigger DAGs (Directed Acyclic Graphs, which are collections of all the tasks you want to run, organized in a way that reflects their relationships) to which they do not have access.
Recommendations
Update to version 3.2.0.
Fix
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Airflow