Description
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem.
Published: 2026-06-01
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A DAG author can create a symbolic link inside the task's log directory or supply a task_id that contains path traversal tokens. The FileTaskHandler then resolves the target file outside the configured base_log_folder, allowing the API server process to read or overwrite arbitrary files such as /etc/passwd or airflow.cfg. This flaw exposes confidential data and permits modification of system configuration, effectively compromising confidentiality and integrity of the deployment.

Affected Systems

Apache Airflow, published by the Apache Software Foundation. Deployments prior to version 3.2.2 are affected, particularly those that share the worker log folder with the API server. The issue does not affect isolated worker setups where the log volume is not accessible to the API server.

Risk and Exploitability

The vulnerability can be exploited by any actor who can author or modify a DAG, which often requires administrative permissions. < 1% EPSS score indicates a low likelihood of exploitation, and the vulnerability is not listed in the CISA KEV catalog, but the CVSS score is 6.5. The attack path requires the ability to create files in the worker log directory and to trigger a task run that resolves the path, making the risk moderate in environments where DAG authors are trusted but the log volume is shared.

Generated by OpenCVE AI on June 2, 2026 at 18:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Patch Apache Airflow to version 3.2.2 or later.
  • Deploy the worker and API server with separate, non‑shared log directories so that symlinks created by workers cannot reach the API server’s filesystem.
  • Limit DAG author privileges so that only trusted users can create DAGs or specify task_id values that could contain path traversal sequences.

Generated by OpenCVE AI on June 2, 2026 at 18:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 02 Jun 2026 19:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Tue, 02 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
References

Mon, 01 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache airflow
Vendors & Products Apache
Apache airflow

Mon, 01 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem.
Title Apache Airflow: Arbitrary File Read via Log Symlink following in FileTaskHandler
Weaknesses CWE-59
References

Subscriptions

Apache Airflow
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-06-02T16:42:26.285Z

Reserved: 2026-04-15T13:58:24.192Z

Link: CVE-2026-40861

cve-icon Vulnrichment

Updated: 2026-06-01T09:52:20.189Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T09:16:17.893

Modified: 2026-06-02T18:49:39.063

Link: CVE-2026-40861

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-02T18:30:15Z

Weaknesses
  • CWE-59

    Improper Link Resolution Before File Access ('Link Following')