CVE-2026-42252
Command Injection Risk in Apache Airflow Documentation Example
Publication date: 2026-06-01
Last updated on: 2026-06-01
Assigner: Apache Software Foundation
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | airflow | 3.2.2 |
| apache | airflow | From 3.2.2 (inc) |
| apache | airflow | to 3.1.9 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1336 | The product uses a template engine to insert or process externally-influenced input, but it does not neutralize or incorrectly neutralizes special elements or syntax that can be interpreted as template expressions or other code directives when processed by the engine. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves Apache Airflow's documentation showing an unsafe example where the BashOperator uses a Jinja template to pass parameters from dag_run.conf directly into a bash command without any quoting or sanitization.
If a Dag author copied this example verbatim into their deployment, users with permission to trigger the Dag could inject shell metacharacters via the conf field, potentially executing arbitrary shell commands on the worker.
The issue was a documentation inconsistency: while the BashOperator docs warned against this unsafe pattern, the Core Concepts - Dag Run document showed the unsafe example, which could mislead users.
The vulnerability was addressed by updating the documentation to include explicit shell quoting and safety warnings, helping users avoid insecure coding practices.
How can this vulnerability impact me?
If your Airflow deployment uses Dag code modeled on the vulnerable documentation example, an authenticated user with permission to trigger Dags could exploit this vulnerability to perform shell command injection.
This could allow the attacker to execute arbitrary commands on the Airflow worker, potentially leading to unauthorized access, data compromise, or disruption of workflow execution.
Such an attack could be particularly impactful in multi-team or hosted environments where trigger API access is exposed.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users should upgrade to apache-airflow version 3.2.2 or later, which includes corrected documentation and safer usage patterns for the BashOperator to prevent shell injection.
Additionally, avoid using the unsafe pattern of passing dag_run.conf values directly into bash_command without proper quoting or sanitization.
Review and update any existing DAG code modeled on the pre-correction documentation example to include explicit shell-quoting and safety caveats when using BashOperator with dynamic parameters.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability arises from unsafe usage of the BashOperator in Apache Airflow DAGs, where user-supplied parameters from dag_run.conf are passed directly into bash_command without proper sanitization or quoting, leading to potential shell injection.
To detect if your system is vulnerable, you should audit your Airflow DAG code for instances where BashOperator is used with bash_command referencing dag_run.conf values directly and without shell-quoting or sanitization.
There are no specific network detection commands provided in the resources, but you can search your DAG files for patterns like:
- grep -r "BashOperator.*dag_run.conf" /path/to/your/airflow/dags
- grep -r "bash_command=.*{{ dag_run.conf" /path/to/your/airflow/dags
Additionally, monitoring for suspicious outbound connections from Airflow workers (such as unexpected TCP connections to unknown hosts or ports) could indicate exploitation attempts, but no specific commands are provided in the resources.
The recommended mitigation is to upgrade to apache-airflow version 3.2.2 or later, which includes corrected documentation and safer usage patterns.
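Added example (not Airflow's own code and not part of this advisory) that audits DAG source with Python's ast module for the pattern the answer above describes: a BashOperator whose bash_command string literal contains a Jinja expression reading dag_run.conf. Unlike the grep patterns, which only match when the call and the template sit on the same line, it handles multi-line calls and leaves the safe form, where the value arrives through env= and the command references only $message, unflagged. The sample DAG source, its import path and task names are constructed for the demonstration.

```python
import ast
import re

# Jinja expression that reaches into dag_run.conf, e.g. {{ dag_run.conf["x"] }}
UNSAFE_RE = re.compile(r"\{\{[^}]*dag_run\.conf[^}]*\}\}")


def find_unsafe_bash_operators(source):
    """Return (line, bash_command) for every BashOperator(...) call whose
    bash_command string literal templates dag_run.conf into the shell line.
    A dag_run.conf reference passed through env= is deliberately not flagged,
    because the shell then sees it only as an environment variable."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        name = func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)
        if name != "BashOperator":
            continue
        for kw in node.keywords:
            if kw.arg != "bash_command":
                continue
            val = kw.value
            if isinstance(val, ast.Constant) and isinstance(val.value, str):
                if UNSAFE_RE.search(val.value):
                    findings.append((node.lineno, val.value))
    return findings


# Constructed sample DAG source: one task with the unsafe pattern and one that
# passes the same value through env= so bash expands it as $message.
SAMPLE_DAG = '''
from airflow.providers.standard.operators.bash import BashOperator

unsafe = BashOperator(
    task_id="unsafe",
    bash_command='echo "message: {{ dag_run.conf["message"] }}"',
)
safe = BashOperator(
    task_id="safe",
    bash_command="echo \\"message: '$message'\\"",
    env={"message": '{{ dag_run.conf["message"] if dag_run else "" }}'},
)
'''

if __name__ == "__main__":
    for line, cmd in find_unsafe_bash_operators(SAMPLE_DAG):
        print(f"line {line}: {cmd}")
```

Only string literals are inspected, so a bash_command built from a variable or a helper function still needs manual review.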