CVE-2026-48891
Received Received - Intake

Information Disclosure in Apache Airflow UI

Vulnerability report for CVE-2026-48891, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: Apache Software Foundation

Description

A bug in Apache Airflow's `/ui/dependencies` scheduling graph endpoint applied the caller's readable-Dag filter to the top-level serialized Dag key but still emitted referenced Dag IDs through the `dep.source` and `dep.target` fields of trigger / sensor dependency entries. An authenticated UI user with read permission on some Dags could enumerate the identifiers of other Dags they were not authorized to read by inspecting the dependency graph for trigger / sensor references. Affects deployments that rely on per-Dag read scoping to keep Dag identifiers private across teams. This is a residual gap in the fix for CVE-2026-28563, which filtered the top-level Dag key but did not propagate the filter into the trigger / sensor dep-source / dep-target fields. Users who already upgraded for CVE-2026-28563 should additionally upgrade to `apache-airflow` 3.3.0 or later to cover the residual trigger / sensor dependency leak.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
apache airflow From 3.3.0 (inc)
apache airflow to 3.2.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in Apache Airflow's UI scheduling graph endpoint (/ui/dependencies). It occurs because the system applies a readable-DAG filter only to the top-level serialized DAG key but does not apply this filter to the referenced DAG IDs found in the trigger and sensor dependency entries (dep.source and dep.target fields).

As a result, an authenticated user with read permission on some DAGs can enumerate identifiers of other DAGs they are not authorized to read by inspecting the dependency graph. This leaks information about DAGs that should remain private across teams.

This issue is a residual gap from a previous fix (CVE-2026-28563) that filtered the top-level DAG key but did not propagate the filter into the trigger/sensor dependency fields. The fix for this vulnerability extends the readable-DAG filter to also check the source and target DAG IDs within each dependency object, skipping any dependency nodes referencing unreadable DAGs.

Impact Analysis

This vulnerability can impact you by allowing authenticated users with limited read permissions to discover identifiers of DAGs they are not authorized to access. This can lead to unintended information disclosure about the existence and relationships of DAGs across teams.

Such information leakage could potentially expose sensitive metadata or workflow structures that organizations intend to keep private, which might aid attackers or unauthorized users in mapping out internal processes.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade Apache Airflow to version 3.3.0 or later.

This update extends the readable-DAG filter to cover trigger and sensor dependency source and target fields, preventing unauthorized enumeration of DAG identifiers.

If you have already upgraded for CVE-2026-28563, this additional upgrade is necessary to cover the residual leak.

Compliance Impact

This vulnerability allows an authenticated user with read permission on some DAGs to enumerate identifiers of other DAGs they are not authorized to read by inspecting the dependency graph. This leakage of unauthorized DAG identifiers could potentially expose sensitive information that organizations aim to keep private across teams.

Such unauthorized information disclosure may impact compliance with standards and regulations like GDPR or HIPAA, which require strict access controls and protection of sensitive data. If DAG identifiers or metadata are considered sensitive or linked to regulated data processing workflows, this vulnerability could lead to non-compliance by exposing information to unauthorized users.

Therefore, deployments relying on per-DAG read scoping to maintain privacy across teams should upgrade to Apache Airflow 3.3.0 or later to mitigate this residual information leak and help maintain compliance with relevant data protection standards.

Detection Guidance

This vulnerability involves unauthorized enumeration of DAG identifiers via the Apache Airflow UI scheduling graph endpoint (/ui/dependencies). Detection involves verifying if the dependency graph endpoint leaks DAG IDs that the authenticated user should not have access to.

To detect this on your system, you can perform authenticated HTTP GET requests to the /ui/dependencies endpoint with a user account that has read permissions on some DAGs but not all. Then inspect the JSON response for DAG IDs in the dep.source and dep.target fields that should be inaccessible.

Example command using curl (replace placeholders accordingly):

  • curl -i -H "Authorization: Bearer <token>" "https://<airflow-host>/ui/dependencies?dependency_type=scheduling"

After retrieving the response, check if any DAG IDs appear in dep.source or dep.target fields that the user should not have permission to read. Presence of such DAG IDs indicates the vulnerability.

Note: Upgrading to Apache Airflow 3.3.0 or later is recommended to fix this issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48891. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart