CVE-2026-45360
Analyzed Analyzed - Analysis Complete
Arbitrary Code Execution in Apache Airflow Scheduler

Publication date: 2026-06-01

Last updated on: 2026-06-03

Assigner: Apache Software Foundation

Description
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler β€” the default on single-host deployments where the DAG bundle is importable from the scheduler process β€” could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-03
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-45360
EUVD
EUVD-2026-33587
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache airflow to 3.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how CVE-2026-45360 impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

This vulnerability in Apache Airflow involves the scheduler-side deadline-reference decoder, which previously imported and instantiated arbitrary class paths from DAG-author-controlled serialized state without any allowlist or plugin registry gate.

A DAG author could embed a custom DeadlineReference whose serialized form named an attacker-controlled module path, causing the scheduler to import and instantiate that class with a live SQLAlchemy session attached.

This means that if the DAG-author code is less trusted than the scheduler process, an attacker could execute arbitrary code within the scheduler by exploiting this flaw.

The vulnerability was addressed by requiring custom deadline references to be registered via plugins instead of being defined inline in DAGs, replacing the unsafe import_string() method with a plugin-based registry system.

Impact Analysis

This vulnerability can allow an attacker who can control DAG-author code to execute arbitrary code within the Airflow scheduler process.

Since the scheduler process may have elevated privileges and access to live SQLAlchemy sessions, this could lead to unauthorized access, data manipulation, or disruption of workflow scheduling.

Deployments where DAG-author code is less trusted than the scheduler process are particularly at risk.

Detection Guidance

This vulnerability involves the scheduler-side deserialization of arbitrary class paths from DAG-author-controlled serialized state in Apache Airflow. Detection would involve inspecting DAGs for usage of custom DeadlineReference classes defined inline rather than via the new plugin registry system.

Specifically, you can check your DAG files for any custom DeadlineReference definitions that are not registered as plugins. Since the vulnerability arises from the scheduler importing attacker-controlled modules via import_string(), monitoring or logging import_string calls or unexpected module imports in the scheduler process could help detect exploitation attempts.

However, no explicit detection commands or network signatures are provided in the available resources.

Mitigation Strategies

The primary mitigation step is to upgrade Apache Airflow to version 3.2.2 or later, where this vulnerability is fixed by requiring custom deadline references to be registered via plugins instead of being defined inline in DAGs.

Additionally, review your DAGs for any custom DeadlineReference classes defined inline and migrate them to use the new plugin-based registry system by implementing the `deadline_references` attribute in the AirflowPlugin class.

This approach prevents the scheduler from importing arbitrary attacker-controlled modules and instantiating them with live SQLAlchemy sessions.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45360. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart