PT-2026-56175 · Apache · Apache Airflow

Amogh Desai

+4

·

Published

2026-07-07

·

Updated

2026-07-07

·

CVE-2026-33264

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions apache-airflow versions prior to 3.3.0
Description A bug in the BaseSerialization.deserialize() function allows unrestricted import string() of attacker-controlled class paths when the Scheduler or API Server loads a serialized DAG. A DAG author can embed a malicious trigger into a DAG to achieve remote code execution on the API Server or Scheduler process, bypassing the security boundary that prevents DAG-author code from executing within those processes.
Recommendations Upgrade to apache-airflow version 3.3.0 or later. Restrict the [core] allowed deserialization classes configuration to a narrow allowlist in deployments where trust in DAG authors is limited.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-33264

Affected Products

Apache Airflow