Description
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author — partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
Published: 2026-07-06
Score: 8.1 High
EPSS: 1.1% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Apache Airflow’s Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator concatenate GCS object names from a bucket listing directly to a destination path without normalising '..' segments or validating containment. An attacker who can write objects to the source GCS bucket—and who can trigger an Airflow DAG run that uses the affected operators—could upload a file whose name contains directory‑traversal sequences and cause the operator to write the downloaded content outside the intended directory. The resulting overwrite can replace files on an SFTP server or the Airflow worker host, compromising file integrity and potentially exposing confidential data or facilitating further compromise. The weakness is classified as CWE‑22.

Affected Systems

The Apache Airflow Google provider is affected in all releases prior to version 22.2.1 of the apache‑airflow‑providers‑google package. Deployments that ingest data from GCS buckets that are writable by less‑trusted principals, such as partner uploads or public‑data buckets, are impacted.

Risk and Exploitability

The CVSS score of 8.1 indicates this vulnerability is High. The EPSS score of <1% indicates a low but non‑zero likelihood of exploitation, and the issue is not listed in the CISA KEV catalog. The attack requires two conditions: write access to the source GCS bucket and the ability to trigger a DAG run that executes the affected operators. If insecure bucket write policies exist, an attacker can exploit path traversal to overwrite arbitrary files on the SFTP server or worker host. Although public exploits are not reported, the impact of a successful attack is significant due to the potential for host compromise.

Generated by OpenCVE AI on July 9, 2026 at 12:18 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade apache‑airflow‑providers‑google to version 22.2.1 or later to apply the vendor patch that normalises object names and validates destination paths.
  • Restrict write access on the GCS buckets used by Airflow DAGs to trusted principals only, preventing untrusted partners or public‑data buckets from uploading maliciously named objects.
  • Implement or enforce strict validation of output paths in any custom ingestion logic, ensuring destination paths are confined to a safe directory and that incoming object names are sanitized prior to use.

Generated by OpenCVE AI on July 9, 2026 at 12:18 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 20:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 06 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache airflow Google Provider
Vendors & Products Apache
Apache airflow Google Provider

Mon, 06 Jul 2026 10:30:00 +0000

Type Values Removed Values Added
Description Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author — partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
Title Apache Airflow Google provider: Path traversal via GCS object names → local/SFTP filesystem (GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)
Weaknesses CWE-22
References

Subscriptions

Apache Airflow Google Provider
cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-07-06T19:26:04.051Z

Reserved: 2026-05-28T20:42:43.353Z

Link: CVE-2026-49297

cve-icon Vulnrichment

Updated: 2026-07-06T11:35:35.152Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-09T12:30:17Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')