CVE-2026-49487
Received Received - Intake

Sensitive Data Exposure in Apache Airflow REST API

Vulnerability report for CVE-2026-49487, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-07

Last updated on: 2026-07-07

Assigner: Apache Software Foundation

Description

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret (for example a provider API key) into its trigger, any authenticated user with DAG-scoped task-instance read access for that DAG could read that secret in clear text while the task was deferred. Users should upgrade to apache-airflow 3.3.0 or later, which masks sensitive values in trigger kwargs returned by the API.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-07
Last Modified
2026-07-07
Generated
2026-07-07
AI Q&A
2026-07-07
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
apache airflow From 3.3.0 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in Apache Airflow before version 3.3.0 involves the REST API exposing sensitive information. Specifically, the task-instance detail and list endpoints returned the trigger keyword arguments (kwargs) of deferred tasks without masking them.

If a deferred operator passed a secret, such as a provider API key, into its trigger, any authenticated user with DAG-scoped task-instance read access for that DAG could see that secret in clear text while the task was deferred.

The issue was fixed in Apache Airflow 3.3.0 by masking sensitive values in the trigger kwargs returned by the API, replacing the actual decrypted values with an empty dictionary to prevent secret leakage.

Compliance Impact

This vulnerability exposes sensitive information such as provider API keys in clear text to any authenticated user with DAG-scoped task-instance read access. Such exposure of secrets can lead to unauthorized access or data breaches.

Because sensitive credentials are leaked through the API, this could potentially violate data protection and security requirements mandated by standards like GDPR and HIPAA, which require safeguarding of sensitive information and prevention of unauthorized disclosure.

Upgrading to Apache Airflow 3.3.0 or later mitigates this risk by masking sensitive values in the API responses, helping maintain compliance with these regulations.

Impact Analysis

This vulnerability can lead to the exposure of sensitive secrets such as API keys or tokens to any authenticated user who has DAG-scoped task-instance read access.

Such exposure can result in unauthorized access to external services or systems that rely on these secrets, potentially leading to data breaches, unauthorized operations, or further compromise of the environment.

Detection Guidance

This vulnerability involves the Apache Airflow REST API exposing sensitive trigger keyword arguments (kwargs) in plaintext through the task-instance detail and list endpoints. Detection would involve inspecting API responses for the presence of unmasked sensitive data such as provider API keys or tokens in the trigger kwargs.

To detect this on your system, you can perform authenticated API requests to the task-instance detail or list endpoints for DAGs where you have DAG-scoped task-instance read access, and check if the trigger kwargs field contains sensitive information in clear text.

Example commands using curl to query the Airflow REST API (replace placeholders accordingly):

  • curl -X GET "http://<airflow-host>/api/v1/dags/<dag_id>/taskInstances/<task_id>" -H "Authorization: Bearer <your_token>"
  • curl -X GET "http://<airflow-host>/api/v1/dags/<dag_id>/taskInstances" -H "Authorization: Bearer <your_token>"

Inspect the JSON response for the trigger kwargs field. If it contains sensitive values in plaintext, your system is vulnerable.

Mitigation Strategies

The primary mitigation step is to upgrade Apache Airflow to version 3.3.0 or later, where the REST API masks sensitive values in trigger kwargs returned by the API.

Until the upgrade is applied, restrict DAG-scoped task-instance read access to trusted users only, to minimize the risk of sensitive data exposure.

Additionally, review and rotate any potentially exposed secrets such as provider API keys or tokens that might have been leaked.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-49487. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart