Description
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low.

Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
Published: 2026-04-18
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Apply Patch
AI Analysis

Impact

A crafted XCom payload can cause Apache Airflow's webserver to deserialize arbitrary data and instantiate classes, allowing a Dag Author to execute code in the webserver process. The vulnerability originates in the API extra-links handling, where untrusted XCom data is deserialized without validation. This flaw enables remote code execution for users with Dag Author privileges; such users are considered highly trusted, but the issue still poses a risk if that trust is abused.

Affected Systems

Apache Airflow versions prior to 3.2.0, including 3.1.5, are affected. The advisory recommends upgrading to Airflow 3.2.0 or newer to address the issue. Earlier releases that share the same XCom deserialization logic are also susceptible.

Risk and Exploitability

CWE-502 classifies this as Deserialization of Untrusted Data; the reported severity is low because the attacker must already hold Dag Author status, a trusted role within a project. EPSS is not available and the vulnerability is not listed in the CISA KEV catalog. Exploitation would require the attacker to craft an XCom payload and submit it through the webserver API, which may be limited by role-based access controls. In environments where Dag Authors have unrestricted API access, the risk is heightened, but in tightly controlled deployments the likelihood of exploitation remains moderate.

Generated by OpenCVE AI on April 18, 2026 at 08:38 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade to Apache Airflow 3.2.0 or newer, which contains the deserialization fix.
  • Limit Dag Author privileges to reduce the ability to submit arbitrary XCom payloads or disable the API endpoints that expose XCom deserialization if the feature is not needed.
  • Apply strict role-based access control on the Airflow webserver, ensuring that only users with the minimal necessary permissions can interact with XCom or execute DAG code.

Generated by OpenCVE AI on April 18, 2026 at 08:38 UTC.

Advisories

No advisories yet.

History

Sat, 18 Apr 2026 09:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apache; Apache airflow
Vendors & Products | | Apache; Apache airflow

Sat, 18 Apr 2026 07:30:00 +0000

Type | Values Removed | Values Added
References | |

Sat, 18 Apr 2026 07:00:00 +0000

Type | Values Removed | Values Added
Description | | Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
Title | | Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)
Weaknesses | | CWE-502
References | |

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-04-18T06:28:53.080Z

Reserved: 2026-02-09T11:43:28.920Z

Link: CVE-2026-25917

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-18T07:16:09.347

Modified: 2026-04-18T07:16:09.347

Link: CVE-2026-25917

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T09:30:25Z

Weaknesses