Description
Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the requested path segment when verifying the JWT's `sub` claim. `str.lstrip()` strips any of a *set* of characters from the left (not a prefix), so a JWT issued for a Dag named e.g. `dag_a` would authorize log access to any other Dag whose name began with any subset of the characters `{d, a, g, _}` (e.g. `dag_attacker`, `aaaa_target`, `_dag_secret`). Such an authenticated worker could enumerate and read worker logs of other Dags whose names happened to share that character-class prefix, leaking task output and error traces beyond the documented per-Dag isolation boundary. Affects deployments relying on per-Dag log-access scoping (multi-team, shared-executor, shared-worker topologies). Users are advised to upgrade to `apache-airflow` 3.2.2 or later.
Published: 2026-06-01
Score: 3.1 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Apache Airflow’s Log server verifies JWT tokens by stripping the leftmost characters of the requested DAG path using Python’s str.lstrip, which unintentionally allows a token issued for one DAG to authorize access to any other DAG whose name starts with any subset of the characters present in the originally authorized DAG name. This flaw, identified as CWE‑863, enables an authenticated worker—already holding a valid Log‑server JWT for at least one DAG—to read logs from other DAGs that share a similar character‑class prefix, thereby leaking task output and error traces beyond the intended per‑DAG isolation boundary.

Affected Systems

The affected product is Apache Airflow supplied by the Apache Software Foundation; all releases older than 3.2.2 are vulnerable, and users should upgrade to version 3.2.2 or later to close the authorization bypass.

Risk and Exploitability

Because the attacker must already be authenticated with a Log‑server JWT, the threat is internal and requires possession of a valid token; exploitation requires only a standard HTTP request to the Log server, so the complexity is moderate. The vulnerability is not listed in CISA’s KEV catalog, and its EPSS score of < 1% indicates a very low likelihood of exploitation, but the potential for data exposure across DAG logs warrants immediate remediation, especially in multi‑team or shared‑executor environments.

Generated by OpenCVE AI on June 1, 2026 at 16:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Apache Airflow to 3.2.2 or newer to eliminate the JWT lstrip flaw
  • Revoke any pre‑patch Log‑server JWT tokens to reduce risk of misuse
  • Enforce stricter DAG naming conventions or unique namespace prefixes to minimize accidental cross‑prefix access

Generated by OpenCVE AI on June 1, 2026 at 16:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 01 Jun 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Mon, 01 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 3.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 01 Jun 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache airflow
Vendors & Products Apache
Apache airflow

Mon, 01 Jun 2026 09:30:00 +0000

Type Values Removed Values Added
References

Mon, 01 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's `str.lstrip()` to the requested path segment when verifying the JWT's `sub` claim. `str.lstrip()` strips any of a *set* of characters from the left (not a prefix), so a JWT issued for a Dag named e.g. `dag_a` would authorize log access to any other Dag whose name began with any subset of the characters `{d, a, g, _}` (e.g. `dag_attacker`, `aaaa_target`, `_dag_secret`). Such an authenticated worker could enumerate and read worker logs of other Dags whose names happened to share that character-class prefix, leaking task output and error traces beyond the documented per-Dag isolation boundary. Affects deployments relying on per-Dag log-access scoping (multi-team, shared-executor, shared-worker topologies). Users are advised to upgrade to `apache-airflow` 3.2.2 or later.
Title Apache Airflow: Log server JWT authorization bypass via Python lstrip() character stripping allows cross-Dag log access
Weaknesses CWE-863
References

Subscriptions

Apache Airflow
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-06-01T14:59:56.586Z

Reserved: 2026-05-12T03:06:09.587Z

Link: CVE-2026-45426

cve-icon Vulnrichment

Updated: 2026-06-01T07:47:51.797Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-01T09:16:19.583

Modified: 2026-06-01T18:25:06.940

Link: CVE-2026-45426

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-01T17:00:13Z

Weaknesses