A flaw in the login redirect logic of Apache Airflow allows authenticated users to craft URLs that circumvent the "is_safe_url" validation, enabling redirection from a trusted Airflow domain to an attacker‑controlled domain. The result is an open redirect that can be used to trick users into visiting malicious sites, enabling phishing or credential harvesting. The weakness is a classic Open Redirect (CWE‑601).

The issue affects installations of Apache Airflow running any release prior to 3.2.2. Users should verify their current version and plan to upgrade to 3.2.2 or later to receive the fixed redirect logic.

The vulnerability requires the attacker to be an authenticated Airflow user, but does not require elevated privileges or code execution. There is no publicly available EPSS score and the flaw is not listed in CISA’s KEV catalog, suggesting that, while the likelihood of exploitation is uncertain, the impact of successful exploitation could be significant through social‑engineering attacks. The CVSS score is not provided in the data, but the presence of an authenticated open redirect typically falls into a high severity range. Attackers can manipulate the "next=" query parameter to point to arbitrary URLs, bypassing internal safety checks. No critical prerequisites beyond successful authentication are required, making the exploit straightforward for compromised or target accounts.