CVE-2026-49298
Analyzed Analyzed - Analysis Complete
JWT Token Exposure in Apache Airflow KubernetesExecutor

Publication date: 2026-06-01

Last updated on: 2026-06-03

Assigner: Apache Software Foundation

Description
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints β€” triggering Dag runs, clearing runs, reading or writing Variables / Connections / XComs β€” as if they were a running task. Affects deployments using the `KubernetesExecutor`. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. This is the airflow-core half of the same vulnerability addressed by [CVE-2026-27173](https://www.cve.org/CVERecord?id=CVE-2026-27173), which shipped the apache-airflow-providers-cncf-kubernetes side of the fix. Deployments that already upgraded `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or later per the CVE-2026-27173 advisory should additionally upgrade `apache-airflow` to 3.2.2 or later to close the core-side surface β€” the two fixes are complementary, not duplicates.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-01
Last Modified
2026-06-03
Generated
2026-06-21
AI Q&A
2026-06-01
EPSS Evaluated
2026-06-20
NVD
CVE-2026-49298
EUVD
EUVD-2026-33580
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache airflow to 3.2.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-538 The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a bug in Apache Airflow's KubernetesExecutor where JWT tokens used by worker pods to authenticate against the Execution API are passed as command-line arguments visible in the pod specification.

An authenticated UI/API user with Kubernetes read-only access to the cluster (for example, permission to get pods in the Airflow namespace) can extract the JWT token by running 'kubectl describe pod'.

With the harvested JWT token, the attacker can call state-mutating Execution API endpoints, allowing them to trigger DAG runs, clear runs, and read or write Variables, Connections, or XComs, effectively acting as if they were a running task.

This affects deployments using the KubernetesExecutor and requires upgrading Apache Airflow to version 3.2.2 or later to fix the issue.

Impact Analysis

If exploited, this vulnerability allows an attacker with limited Kubernetes read-only access to escalate their privileges within Apache Airflow.

The attacker can perform unauthorized actions such as triggering DAG runs, clearing existing runs, and reading or modifying sensitive configuration data like Variables, Connections, and XComs.

This could lead to disruption of workflows, unauthorized data access or modification, and potential compromise of the Airflow environment's integrity.

Detection Guidance

This vulnerability can be detected by inspecting Kubernetes pods running Apache Airflow with the KubernetesExecutor to see if JWT tokens are exposed as command-line arguments in the pod specifications.

A practical command to detect this is to use kubectl to describe pods in the Airflow namespace and look for JWT tokens in the command-line arguments:

  • kubectl describe pod <pod-name> -n <airflow-namespace>

If JWT tokens appear in the output under the command or args sections, this indicates the vulnerability is present.

Mitigation Strategies

The immediate mitigation step is to upgrade Apache Airflow to version 3.2.2 or later.

Additionally, if you have already upgraded apache-airflow-providers-cncf-kubernetes to 10.17.0 or later as per the related CVE-2026-27173 advisory, you must also upgrade apache-airflow itself to 3.2.2 or later to fully close the vulnerability.

These two upgrades are complementary and both are required to fully mitigate the issue.

Compliance Impact

The vulnerability allows an authenticated UI/API user with Kubernetes read-only access to harvest JWT tokens from pod specifications and use them to perform unauthorized state-mutating actions on the Execution API. This exposure of authentication tokens and unauthorized access could lead to data integrity and confidentiality issues.

Such unauthorized access and token leakage may impact compliance with standards and regulations like GDPR and HIPAA, which require strict controls over access to sensitive data and auditability of actions. The ability to impersonate running tasks and modify variables, connections, or other sensitive data could violate these compliance requirements.

Users are advised to upgrade to Apache Airflow 3.2.2 or later to mitigate this risk.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49298. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart