Description
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope. Because HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to a task, the leak widens visibility of DAG-run data beyond the intended per-DAG RBAC boundary for every authenticated user.

Users are recommended to upgrade to version 3.2.1, which fixes this issue.
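As an added illustration of the gap the description names, and not Airflow's own code (the response shape, the permission model and every function name below are assumptions), here is the pre-fix response builder next to its fixed form, plus the check an auditor could run over a captured response to confirm that no embedded record belongs to a DAG the caller cannot read:

```python
# Constructed illustration, not Airflow's code: the record shapes, the
# permission model and every function name here are assumptions.
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    name: str
    readable_dags: frozenset  # DAG ids with read permission (assumed model)

# Constructed sample data: HITL prompts and task instances reference their
# DAG by dag_id; HITL params carry the free-form operator context at issue.
DAGS = [{"dag_id": "billing_etl"}, {"dag_id": "hr_export"}]
HITL_PROMPTS = [
    {"dag_id": "billing_etl", "task_id": "approve", "params": {"amount": 9100}},
    {"dag_id": "hr_export", "task_id": "review", "params": {"note": "batch 42"}},
]
TASK_INSTANCES = [
    {"dag_id": "billing_etl", "task_id": "load", "state": "success"},
    {"dag_id": "hr_export", "task_id": "dump", "state": "running"},
]

def _require_any_dag_access(user: User) -> None:
    """The only gate the vulnerable path applied: read access to >= 1 DAG."""
    if not user.readable_dags:
        raise PermissionError("no DAG read access")

def vulnerable_ui_dags(user: User) -> dict:
    """Pre-fix shape: the DAG list is filtered, the embedded lists are not."""
    _require_any_dag_access(user)
    dags = [d for d in DAGS if d["dag_id"] in user.readable_dags]
    return {"dags": dags, "hitl": HITL_PROMPTS, "task_instances": TASK_INSTANCES}

def fixed_ui_dags(user: User) -> dict:
    """Fixed shape: every embedded record passes the same per-DAG check."""
    _require_any_dag_access(user)
    ok = user.readable_dags
    return {
        "dags": [d for d in DAGS if d["dag_id"] in ok],
        "hitl": [h for h in HITL_PROMPTS if h["dag_id"] in ok],
        "task_instances": [t for t in TASK_INSTANCES if t["dag_id"] in ok],
    }

def out_of_scope_dags(user: User, response: dict) -> set:
    """Defender's check: dag_ids in embedded records the user may not read."""
    seen = {r["dag_id"] for k in ("hitl", "task_instances") for r in response[k]}
    return seen - set(user.readable_dags)
```

Running `out_of_scope_dags` over a response captured from a test account that can read a single DAG is a quick way to verify an upgraded instance returns nothing for other DAGs.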
Published: 2026-04-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized disclosure of HITL prompts and TaskInstance data for DAGs outside a user’s authorized scope
Action: Patch Update
AI Analysis

Impact

An authenticated Airflow user with read access to at least one DAG can call the /ui/dags endpoint and retrieve Human-in-the-Loop prompts, including request parameters, as well as full TaskInstance details for DAGs that the user is not authorized to view. The exposed data often contains operator parameters and contextual information, increasing visibility of DAG run data beyond the intended per-DAG RBAC boundaries.

Affected Systems

Apache Software Foundation’s Apache Airflow is affected. Versions prior to 3.2.1 are vulnerable; upgrading to 3.2.1 or later applies the fix that enforces per-DAG access control on the /ui/dags endpoint.

Risk and Exploitability

The vulnerability carries a CVSS score of 4.3, indicating moderate risk. The EPSS score is below 1%, suggesting a low probability of exploitation at any given time, and the issue is not listed in CISA’s KEV catalog. The attack vector is inferred to be authenticated, as the endpoint requires a logged-in user with DAG read permission. An attacker would need legitimate Airflow credentials and permission to any DAG to exploit the weakness, after which they could read data for DAGs outside their scope.

Generated by OpenCVE AI on April 28, 2026 at 20:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache Airflow to version 3.2.1 or later to apply the fix enforcing per-DAG access control on the /ui/dags endpoint.
  • Audit and adjust DAG-level permissions to ensure users have only the necessary read access to DAGs, limiting exposure of sensitive operator parameters.
  • Monitor audit logs for repeated or anomalous access to the /ui/dags endpoint to detect potential misuse of exposed DAG data.

Advisories
Source: Github GHSA
ID: GHSA-p3v3-229h-mc63
Title: Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record
History

Mon, 27 Apr 2026 12:30:00 +0000

Type: First Time appeared | Values Removed: (none) | Values Added: Apache; Apache airflow
Type: CPEs | Values Removed: (none) | Values Added: cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*
Type: Vendors & Products | Values Removed: (none) | Values Added: Apache; Apache airflow

Fri, 24 Apr 2026 17:30:00 +0000

Type Values Removed Values Added
References

Fri, 24 Apr 2026 15:15:00 +0000

Type: Metrics | Values Removed: (none) | Values Added:
  cvssV3_1: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}
  ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 24 Apr 2026 13:15:00 +0000

Type: Description | Values Removed: (none) | Values Added: The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope. Because HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to a task, the leak widens visibility of DAG-run data beyond the intended per-DAG RBAC boundary for every authenticated user. Users are recommended to upgrade to version 3.2.1, which fixes this issue.
Type: Title | Values Removed: (none) | Values Added: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
Type: Weaknesses | Values Removed: (none) | Values Added: CWE-1220
References

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-04-24T16:20:26.179Z

Reserved: 2026-04-06T09:51:13.806Z

Link: CVE-2026-38743

Vulnrichment

Updated: 2026-04-24T16:20:26.179Z

NVD

Status : Analyzed

Published: 2026-04-24T13:16:21.110

Modified: 2026-04-27T12:24:28.403

Link: CVE-2026-38743

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T20:30:06Z

Weaknesses