PT-2026-43033 · Apache · Apache Airflow Fab Provider
Orbisai0Security
·
Published
2026-05-25
·
Updated
2026-05-25
·
CVE-2026-46745
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability (CWE-90) that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP authentication until the provider can be updated.
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Airflow Fab Provider