Description
A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path while operating on the `dag_id` / `dag_run_id` extracted from request-body entity fields. An authenticated UI/API user with edit permission on one Dag could mutate Task Instance state in any other Dag by keeping the authorized Dag's ID in the URL path and naming the target Dag's IDs in the request body entities. Affects deployments that rely on per-Dag edit-scope to keep Task Instance state isolated between teams. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.
Published: 2026-06-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an authenticated user with edit permission on one DAG to modify Task Instance state for any other DAG by exploiting a mismatch between the DAG ID in the URL path and the DAG ID in the request body. This mismatch causes the API to evaluate authorization against the wrong DAG ID, enabling unauthorized cross-DAG mutation. The weakness is a classic Authorization Bypass (CWE-639) that can lead to unintended data manipulation within the Airflow platform, potentially disrupting workflow executions.

Affected Systems

Apache Airflow installations that rely on per-DAG edit scopes, including any deployment using versions earlier than apache-airflow 3.2.2, are affected. The official fix is available in version 3.2.2 and later.

Risk and Exploitability

The attack requires a legitimate Airflow account with edit permissions on at least one DAG, so the likely vector is the authenticated UI or API. While no EPSS score is published and the vulnerability is not in the CISA KEV catalog, the nature of the flaw means that an attacker with sufficient permissions could alter critical workflow state. The absence of a publicly known exploit does not negate the risk, and organizations should treat the issue as high severity until the patch is applied.

Generated by OpenCVE AI on June 1, 2026 at 10:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest Apache Airflow release 3.2.2 or later, which removes the mismatch in authorization checks.
  • Restrict DAG edit permissions to only trusted users and limit bulk Task Instances API usage to necessary personnel.
  • Implement additional authorization validation by comparing the DAG ID in the request body with the path parameter before processing bulk Task Instance operations.
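The third action above is the check the advisory's description calls for: every body entity must be bound to the same `dag_id` / `dag_run_id` the path was authorized for. The following is an added example, not Apache Airflow's code or its fix; the handler, function names and the `can_edit_dag` callback are hypothetical, and the sample request bodies are constructed.

```python
from typing import Any, Callable

class ScopeMismatch(ValueError):
    """A body entity names a DAG or run outside the scope authorized on the path."""
    def __init__(self, index: int, field: str, expected: str, actual: str) -> None:
        super().__init__(f"entity[{index}].{field}={actual!r} is outside authorized scope {expected!r}")
        self.index, self.field, self.expected, self.actual = index, field, expected, actual

def bind_entities_to_path(path_dag_id: str, path_run_id: str,
                          entities: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Return copies of the body entities bound to the path's dag_id / dag_run_id.

    Authorization for this endpoint is decided on the path ids, so every entity
    the handler later operates on must carry exactly those ids. An entity that
    omits them inherits the path values; one naming different values is rejected
    before any state changes, closing the path/body mismatch the advisory describes.
    """
    bound = []
    for i, ent in enumerate(entities):
        for field, expected in (("dag_id", path_dag_id), ("dag_run_id", path_run_id)):
            actual = ent.get(field)
            if actual is not None and actual != expected:
                raise ScopeMismatch(i, field, expected, actual)
        bound.append({**ent, "dag_id": path_dag_id, "dag_run_id": path_run_id})
    return bound

def bulk_patch_task_instances(path_dag_id: str, path_run_id: str, body: dict[str, Any],
                              can_edit_dag: Callable[[str], bool]) -> tuple[int, Any]:
    """Hypothetical handler skeleton (not Airflow's): authorize on the path,
    then bind the body to that same scope before touching any Task Instance."""
    if not can_edit_dag(path_dag_id):
        return 403, "forbidden"
    try:
        entities = bind_entities_to_path(path_dag_id, path_run_id, body.get("entities", []))
    except ScopeMismatch as exc:
        # Fail closed: nothing in the body is acted on when any entity is out of scope.
        return 403, str(exc)
    # ... only `entities`, every one of them in the authorized DAG/run, would be mutated here.
    return 200, entities

# Constructed sample: the caller may edit team_a_etl only; the second body names another DAG.
CAN_EDIT = {"team_a_etl"}.__contains__
IN_SCOPE = {"entities": [{"task_id": "extract", "state": "success"}]}
CROSS_DAG = {"entities": [{"task_id": "extract", "state": "success",
                           "dag_id": "team_b_billing", "dag_run_id": "manual__2026-06-01"}]}

if __name__ == "__main__":
    print(bulk_patch_task_instances("team_a_etl", "manual__2026-06-01", IN_SCOPE, CAN_EDIT))
    print(bulk_patch_task_instances("team_a_etl", "manual__2026-06-01", CROSS_DAG, CAN_EDIT))
```

A request that omits the ids in its entities is simply bound to the path scope, while one that names a different DAG or run is refused before any write, so the per-DAG edit permission again bounds what the call can touch.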

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 09:15:00 +0000

Type        | Values Removed | Values Added
Description | -              | A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path while operating on the `dag_id` / `dag_run_id` extracted from request-body entity fields. An authenticated UI/API user with edit permission on one Dag could mutate Task Instance state in any other Dag by keeping the authorized Dag's ID in the URL path and naming the target Dag's IDs in the request body entities. Affects deployments that rely on per-Dag edit-scope to keep Task Instance state isolated between teams. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.
Title       | -              | Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation
Weaknesses  | -              | CWE-639
References  | -              | -

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-06-01T09:52:30.454Z

Reserved: 2026-04-16T18:11:57.535Z

Link: CVE-2026-41084

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-01T09:16:18.453

Modified: 2026-06-01T09:16:18.453

Link: CVE-2026-41084

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T10:30:26Z

Weaknesses