Description
A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints — triggering Dag runs, clearing runs, reading or writing Variables / Connections / XComs — as if they were a running task. Affects deployments using the `KubernetesExecutor`. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. This is the airflow-core half of the same vulnerability addressed by [CVE-2026-27173](https://www.cve.org/CVERecord?id=CVE-2026-27173), which shipped the apache-airflow-providers-cncf-kubernetes side of the fix. Deployments that already upgraded `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or later per the CVE-2026-27173 advisory should additionally upgrade `apache-airflow` to 3.2.2 or later to close the core-side surface — the two fixes are complementary, not duplicates.
Published: 2026-06-01
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A flaw in Apache Airflow's KubernetesExecutor caused the JWT that a worker pod uses to authenticate to the Execution API to be passed to the worker container as a command-line argument, so it sits in cleartext in the pod specification. Anyone who can read pod objects in the Airflow namespace (for example via the Kubernetes `pods/get` permission) can extract the token from `kubectl describe pod` or `kubectl get pod -o yaml` output and use it to authenticate against the Execution API. With the token the attacker can invoke state-mutating endpoints, such as triggering Dag runs, clearing runs, or reading and writing Variables, Connections, and XComs, effectively masquerading as a running task without ever executing code inside the pod. No Airflow authentication is bypassed: the attacker replays a credential that Airflow legitimately issued, and the weakness is the exposure of that credential in an externally readable location (CWE-538).

Affected Systems

The issue affects Airflow deployments that run the KubernetesExecutor on `apache-airflow` versions earlier than 3.2.2; deployments on other executors are not affected by this bug. The fix is split across two packages. Users who have already applied the provider-side fix from CVE-2026-27173 by upgrading `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or newer must still upgrade the core `apache-airflow` package to 3.2.2 or later, and upgrading only the core package leaves the provider-side surface open. Both packages need to be at or above their fixed versions.

Risk and Exploitability

The vulnerability is not listed in the CISA KEV catalog and no EPSS score is available, so there is no real-world exploitation data yet. The prerequisite is modest, however: read access to pods in the Airflow namespace is a privilege commonly granted to developers, operators, and CI service accounts who are not Airflow administrators, and the token is stored in cleartext in the pod object held by the API server for as long as the pod exists, so any such principal can collect it without interacting with Airflow at all. The harvested token carries the same authorization a running task has, which includes reading and writing Variables and Connections (the latter routinely hold credentials for databases and cloud services) and triggering or clearing Dag runs, so an exploit yields effective control over pipeline execution and access to whatever the pipelines can reach. A token copied during the vulnerable window remains usable until it expires or the signing key is rotated, regardless of whether the pod that exposed it has since been deleted.

Generated by OpenCVE AI on June 1, 2026 at 10:39 UTC.

Remediation

Vendor fix: upgrade `apache-airflow` to 3.2.2 or later (see Description), alongside `apache-airflow-providers-cncf-kubernetes` 10.17.0 or later for the provider-side half tracked as CVE-2026-27173. The advisory describes no workaround short of upgrading; restricting read access to pods in the Airflow namespace reduces who can harvest the token but does not remove it from the pod spec.

OpenCVE Recommended Actions

  • Upgrade apache-airflow to version 3.2.2 or later
  • If you have already upgraded apache-airflow-providers-cncf-kubernetes to 10.17.0 or newer per CVE-2026-27173, also upgrade the core apache-airflow package to 3.2.2 or later; the two fixes are complementary and both are required
  • After upgrading, delete or restart existing worker pods so that no pod specification still carries a token; deleting a pod does not revoke a token already harvested from it, which stays usable until it expires or the JWT signing key is rotated, so treat tokens from the vulnerable window as compromised
  • Limit the Kubernetes namespace permissions granted to users who have UI/API access to Airflow; restrict get, list and watch on pods in the Airflow namespace to the principals that truly need them, and audit who currently holds those rights

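To check a cluster for the exposure described in the Impact section, and to confirm after the pod restart in the recommended actions that no worker spec still carries a token, the following audit script is an added example; it is not Airflow project code and not a tool referenced by this advisory. It reads the JSON that `kubectl get pods -n <namespace> -o json` emits, looks for JWT-shaped strings in every container's `command`, `args` and inline `env` values, and decodes the claims (without verifying the signature) so each hit can be triaged by subject, audience and expiry. The worker command line, the token claims, the audience string, the signing secret and the file name `audit_pod_jwts.py` in the embedded sample are constructed placeholders, not Airflow's real arguments, audience or key.

```python
"""Audit pod specs for JWTs leaked into container command lines or env.

Added example for this advisory; not Airflow project code.  Input has the
shape of `kubectl get pods -n <namespace> -o json`.  The worker arguments,
token claims, audience and secret below are CONSTRUCTED placeholders.
"""
import base64
import hashlib
import hmac
import json
import re
from typing import Iterator

# Three base64url segments joined by dots.  The header segment starts with
# "eyJ" because that is base64url('{"').  No word boundaries on purpose: the
# token may be embedded inside a larger argument such as a JSON string.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_sample_token(claims: dict, secret: bytes = b"constructed-secret") -> str:
    """Build an HS256 JWT so the sample pod carries a structurally real token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def decode_claims(token: str) -> dict:
    """Decode the payload WITHOUT verifying the signature.  Enough to triage
    what a leaked token is for; never use this to make an auth decision."""
    _header, payload, _sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def still_usable(claims: dict, now: int) -> bool:
    """A harvested token keeps working until `exp`, whatever happened to the pod."""
    exp = claims.get("exp")
    return exp is None or now < exp


def _inline_strings(container: dict) -> Iterator[tuple[str, str]]:
    """Yield (location, value) for each place a secret could sit in cleartext."""
    for key in ("command", "args"):
        for i, value in enumerate(container.get(key) or []):
            yield f"{key}[{i}]", value
    for env in container.get("env") or []:
        if "value" in env:  # valueFrom (secretKeyRef, ...) is not inline
            yield f"env[{env['name']}]", env["value"]


def find_leaked_jwts(pod_list: dict) -> list[dict]:
    """Return one finding per decodable JWT found in any container's inline strings."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for where, value in _inline_strings(c):
                for token in JWT_RE.findall(value):
                    try:
                        claims = decode_claims(token)
                    except ValueError:  # right shape, but not a JWT
                        continue
                    findings.append({
                        "pod": f"{meta['namespace']}/{meta['name']}",
                        "container": c["name"],
                        "location": where,
                        "sub": claims.get("sub"),
                        "aud": claims.get("aud"),
                        "exp": claims.get("exp"),
                    })
    return findings


# Constructed sample input: one leaky worker, one worker that takes the token
# from a Secret, and a decoy whose command merely looks JWT-shaped.
SAMPLE_TOKEN = make_sample_token({
    "sub": "constructed-task-instance-id",
    "aud": "urn:example:execution-api",
    "iat": 1779999400,
    "exp": 1780000000,
})
SAMPLE_PODS = {
    "kind": "List",
    "items": [
        {"metadata": {"namespace": "airflow", "name": "leaky-worker"},
         "spec": {"containers": [{
             "name": "base",
             "args": ["python", "-m", "worker", "--json-string",
                      json.dumps({"ti_id": "constructed", "token": SAMPLE_TOKEN})],
             "env": [{"name": "AIRFLOW__CORE__EXECUTOR", "value": "KubernetesExecutor"}]}]}},
        {"metadata": {"namespace": "airflow", "name": "clean-worker"},
         "spec": {"containers": [{
             "name": "base",
             "args": ["python", "-m", "worker"],
             "env": [{"name": "TOKEN", "valueFrom": {"secretKeyRef": {"name": "t", "key": "jwt"}}}]}]}},
        {"metadata": {"namespace": "airflow", "name": "decoy"},
         "spec": {"containers": [{"name": "base", "command": ["sh", "-c", "echo eyJ-not.a.token"]}]}},
    ],
}

if __name__ == "__main__":
    import sys
    # kubectl get pods -n airflow -o json | python audit_pod_jwts.py
    data = SAMPLE_PODS if sys.stdin.isatty() else json.load(sys.stdin)
    for f in find_leaked_jwts(data):
        print(f"{f['pod']} {f['container']} {f['location']} sub={f['sub']} exp={f['exp']}")
```

Pipe live data in with `kubectl get pods -n airflow -o json | python audit_pod_jwts.py`; with no stdin it runs against the embedded sample and reports only the leaky worker, since the second pod takes its token from a Secret reference and the decoy's string fails to decode. The `exp` in a finding tells you how long a token copied from that pod stays usable; until then treat that credential as live even after the pod has been deleted. To see which principals could have read the specs in the first place, `kubectl auth can-i get pods -n airflow --as <user>` answers for one principal at a time.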


Advisories

No advisories yet.

History

Mon, 01 Jun 2026 09:15:00 +0000

Type         Values Removed   Values Added
Description  (none)           (the Description shown at the top of this page)
Title        (none)           Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Weaknesses   (none)           CWE-538
References   (none)           (none listed)


MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2026-06-01T07:34:32.229Z

Reserved: 2026-05-28T21:14:03.813Z

Link: CVE-2026-49298

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-01T09:16:20.770

Modified: 2026-06-01T09:16:20.770

Link: CVE-2026-49298

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-01T10:45:26Z

Weaknesses