CVE-2026-32690

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.2.0

Description Secrets stored within variables as JSON dictionaries are not properly redacted. When a user retrieves these variables, secrets located in nested fields are not masked.

Recommendations Upgrade to version 3.2.0.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

BIT-AIRFLOW-2026-32690

CVE-2026-32690

GHSA-W9R4-94FJ-XP69

PYSEC-2026-19

Affected Products

Apache Airflow

CVE-2026-32690

Weakness Enumeration

Related Identifiers

Affected Products

References · 11