CVE-2026-49296
Received Received - Intake

Information Disclosure in Apache Airflow

Vulnerability report for CVE-2026-49296, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: Apache Software Foundation

Description

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. `GET /api/v2/dagSources/{dag_id}` β€” and the equivalent Dag-source view in the UI β€” returned the entire source file without redacting Dags the caller was not authorized to read, bypassing per-DAG read authorization. Deployments that co-locate multiple Dags in a single file and rely on per-DAG access control to limit source visibility are affected; single-Dag-per-file deployments are not. Upgrade to apache-airflow 3.3.0 or later.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apache airflow From 3.3.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Apache Airflow occurs when multiple DAGs (Directed Acyclic Graphs) are defined in the same source file. Before version 3.3.0, if a user was authorized to read one DAG in that file, they could access the entire source file, including other DAGs they were not authorized to read.

Specifically, the API endpoint `/api/v2/dagSources/{dag_id}` and the equivalent UI view would return the full source code of the file containing multiple DAGs without redacting unauthorized DAGs. This bypassed the intended per-DAG read authorization controls.

The issue affects deployments that co-locate multiple DAGs in a single file and rely on per-DAG access control to limit source visibility. Deployments with one DAG per file are not affected.

Detection Guidance

This vulnerability can be detected by testing the behavior of the `/api/v2/dagSources/{dag_id}` endpoint in Apache Airflow when accessing DAGs that are co-located in the same source file. Specifically, if a user authorized to read one DAG can retrieve the entire source file including other DAGs they are not authorized to read, the vulnerability is present.

A practical approach is to use HTTP requests to the vulnerable endpoint with different DAG IDs and observe if the response includes source code of unauthorized DAGs.

Example command using curl to test the endpoint:

  • curl -i -H "Authorization: Bearer <token>" https://<airflow-host>/api/v2/dagSources/<dag_id>

Replace `<token>`, `<airflow-host>`, and `<dag_id>` accordingly. If the response contains source code of DAGs other than the requested one, the vulnerability exists.

Mitigation Strategies

The immediate and recommended mitigation is to upgrade Apache Airflow to version 3.3.0 or later, where this vulnerability has been fixed.

Until the upgrade can be performed, consider avoiding co-locating multiple DAGs in the same source file if relying on per-DAG access control to limit source visibility.

Additionally, review and restrict user permissions to minimize exposure and monitor access logs for suspicious requests to the `/api/v2/dagSources/{dag_id}` endpoint.

Compliance Impact

This vulnerability allows a user authorized to read one DAG to access the source code of other DAGs co-located in the same source file without proper authorization. Such unauthorized disclosure of source code could lead to exposure of sensitive information or intellectual property.

In environments subject to compliance standards like GDPR or HIPAA, unauthorized access to sensitive data or code could violate data protection and confidentiality requirements. Specifically, if DAG source code contains sensitive logic, credentials, or personal data processing details, this vulnerability could lead to non-compliance by failing to enforce strict access controls.

Therefore, deployments that rely on per-DAG access control but co-locate multiple DAGs in a single file may be at risk of violating compliance standards due to this improper authorization bypass.

Upgrading to Apache Airflow 3.3.0 or later, which fixes this issue by enforcing per-file authorization, is necessary to maintain compliance with such standards.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of sensitive source code for DAGs that a user is not permitted to access.

If your deployment places multiple DAGs in the same source file and relies on per-DAG access control, an authorized user for one DAG could view the source code of other DAGs in that file, potentially exposing confidential logic, credentials, or business processes.

This could result in information leakage, increased risk of insider threats, or exposure of proprietary workflows.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49296. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart