CVE-2026-27173

Name of the Vulnerable Software and Affected Versions Apache Airflow (affected versions not specified)

Description JWT tokens used by workers in Kubernetes Executors are exposed to users with read-only access to Kubernetes Pods. This exposure allows users with limited permissions to perform actions intended only for running tasks via the Task SDK, potentially enabling the modification of the Airflow Database state for those tasks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.