Impact
A directory listing operation in the Apache Airflow SFTP provider allows a malicious or compromised SFTP server to supply a directory entry with a crafted name that causes Airflow to write a local file outside the configured destination directory. The flaw is triggered when SFTPHook.retrieve_directory or SFTPOperator with a 'get' operation is used. The attack requires only that Airflow connect to the SFTP server; no Airflow user authentication is needed. If exploited, an attacker can overwrite arbitrary files on the host running Airflow, potentially leading to privilege escalation or application compromise. The weakness is a classic directory traversal flaw, listed as CWE-22.
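The mitigation a practitioner wants for this class of bug is a containment check: every entry name from the remote listing must be a single plain path component, and the resolved local target must stay under the destination directory. The following is an added example of such a check, not the provider's own code or its fix; the function names and the listing of entry names are constructed for illustration.

```python
from pathlib import Path


def safe_local_path(local_dir: str, entry_name: str) -> Path:
    """Map one remote directory entry name onto a path under local_dir.

    Raises ValueError when the name is not a single plain path component
    (so separators and '..' are rejected up front) or when the resolved
    target would land outside local_dir (which also catches symlink tricks
    on the local side, since resolve() follows symlinks).
    """
    if entry_name in ("", ".", "..") or Path(entry_name).name != entry_name:
        raise ValueError(f"rejected directory entry name: {entry_name!r}")
    base = Path(local_dir).resolve()
    target = (base / entry_name).resolve()
    try:
        target.relative_to(base)  # raises ValueError if target is not under base
    except ValueError:
        raise ValueError(f"entry escapes destination: {entry_name!r}") from None
    return target


def is_safe_entry(local_dir: str, entry_name: str) -> bool:
    """Boolean wrapper around safe_local_path for filtering and logging."""
    try:
        safe_local_path(local_dir, entry_name)
        return True
    except ValueError:
        return False


def partition_entries(local_dir: str, entry_names):
    """Split a remote listing into local paths to write and names to refuse.

    A hardened retrieve_directory would download only the accepted entries
    and log the rejected names as a sign of a hostile or broken server.
    """
    accepted, rejected = [], []
    for name in entry_names:
        try:
            accepted.append(str(safe_local_path(local_dir, name)))
        except ValueError:
            rejected.append(name)
    return accepted, rejected


# Constructed listing as a hostile server might return it (hypothetical names).
CONSTRUCTED_LISTING = [
    "report.csv",
    "archive.tar.gz",
    "../outside.txt",
    "/etc/hosts",
    "sub/../../escape.txt",
    "..",
]

if __name__ == "__main__":
    ok, bad = partition_entries("/tmp/airflow_dest", CONSTRUCTED_LISTING)
    print("accepted:", ok)
    print("rejected:", bad)
```

Note that the single-component check alone would already reject every hostile name in the constructed listing; the resolve-and-relative_to step is kept as defense in depth so the check also holds if the caller ever passes a multi-level relative path on purpose.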
Affected Systems
This vulnerability affects the Apache Airflow SFTP provider prior to version 5.8.1. Any deployment that uses SFTPHook.retrieve_directory or SFTPOperator to download directories from an untrusted SFTP server is susceptible.
Risk and Exploitability
The EPSS score is below 1%, indicating a very low probability of widespread exploitation. The CVSS score of 9.1 categorizes this vulnerability as critical. The vulnerability is not listed in CISA KEV. Nonetheless, the impact is high because file overwrite can occur without authentication. The likely attack vector is a remote SFTP server that the Airflow instance connects to; a compromised or misconfigured server can serve malicious directory names to cause a write outside the destination directory. Given the high severity of the potential impact and the fact that any Airflow deployment may be affected, organizations should treat this flaw as a critical security concern despite the low EPSS score.