PT-2026-45371 · Apache · Apache Airflow

Anisto Mejin

Published 2026-06-01 · Updated 2026-06-01

CVE-2026-42359

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.2

Description: A bug in the XCom PATCH endpoint "PATCH /api/v2/xcomEntries/{key}" allows an authenticated UI/API user with XCom write permission on a Dag to set XCom entries using reserved key names, such as "return_value". While the POST endpoint validates keys against the FORBIDDEN XCOM KEYS list, the PATCH endpoint does not. Additionally, the endpoint accepts serialized payload shapes that the triggerer's deserializer treats as code. Together, these two defects enable Remote Code Execution (RCE) on the triggerer the next time the affected task defers. This issue specifically affects deployments where untrusted users hold XCom write permissions on Dags that defer to the triggerer.

Recommendations: Update to version 3.2.2 or later.
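The root cause above is a reserved-key check enforced on one write method (POST) but not the other (PATCH). The following is an added example, not Airflow's code: a single validation routine applied to every XCom write, plus a scan over constructed API audit-log lines that flags PATCH requests naming a reserved key, which is what a defender would hunt for while a pre-3.2.2 deployment is still being upgraded. The path shape is taken from the advisory; the log format, the field names, and the use of "return_value" as the only entry in the deny list are assumptions.

```python
import re
from urllib.parse import unquote

# Reserved XCom key names. "return_value" is the key Airflow stores a task's
# return value under (the advisory's "return value"). Assumed minimum deny
# list for this example; extend it with whatever else a deployment reserves.
RESERVED_XCOM_KEYS = frozenset({"return_value"})

# Every write method must go through the same check. The advisory's root cause
# is that POST validated the reserved-key list while PATCH did not.
XCOM_WRITE_METHODS = frozenset({"POST", "PATCH"})

# Path shape from the advisory ("PATCH /api/v2/xcomEntries/{key}"); assumed
# here to be the route that carries the key in the path.
XCOM_PATH = re.compile(r"/api/v2/xcomEntries/(?P<key>[^/?#]+)")

# Constructed audit-log format for this example: space-separated key=value fields.
LOG_FIELD = re.compile(r"(\w+)=(\S+)")


def is_reserved_xcom_key(key: str) -> bool:
    """Decode before comparing, so a percent-encoded key cannot bypass the list."""
    return unquote(key).strip() in RESERVED_XCOM_KEYS


def validate_xcom_write(method: str, key: str) -> tuple[bool, str]:
    """One decision for every write method; returns (allowed, reason)."""
    method = method.upper()
    if method not in XCOM_WRITE_METHODS:
        return True, "not an XCom write"
    if is_reserved_xcom_key(key):
        return False, f"reserved XCom key {unquote(key)!r} rejected on {method}"
    return True, "ok"


def find_reserved_key_patches(log_lines):
    """Flag PATCH requests that named a reserved key; one dict per hit for triage."""
    hits = []
    for line in log_lines:
        fields = dict(LOG_FIELD.findall(line))
        if fields.get("method", "").upper() != "PATCH":
            continue
        m = XCOM_PATH.search(fields.get("path", ""))
        if m and is_reserved_xcom_key(m.group("key")):
            hits.append({"user": fields.get("user"), "key": unquote(m.group("key")),
                         "status": fields.get("status")})
    return hits


# Constructed sample lines, not real Airflow API logs.
SAMPLE_LOG = [
    "ts=2026-06-01T10:00:01Z user=alice method=PATCH path=/api/v2/xcomEntries/my_key status=200",
    "ts=2026-06-01T10:00:02Z user=carol method=PATCH path=/api/v2/xcomEntries/return_value status=200",
    "ts=2026-06-01T10:00:03Z user=carol method=PATCH path=/api/v2/xcomEntries/return%5Fvalue status=200",
    "ts=2026-06-01T10:00:04Z user=bob method=POST path=/api/v2/xcomEntries status=403",
]

if __name__ == "__main__":
    for hit in find_reserved_key_patches(SAMPLE_LOG):
        print(hit)
```

A status of 200 on a flagged line means the write was accepted and the corresponding Dag run should be reviewed before its task next defers.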

Fix
RCE
Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers
CVE-2026-42359
PYSEC-2026-185

Affected Products
Apache Airflow