Multiple Vulnerabilities in Apache Airflow Allow Arbitrary Code Execution and Security Bypass

72% confidence

Description

An attacker can exploit multiple vulnerabilities in Apache Airflow to execute arbitrary code or achieve unspecified impacts, potentially bypassing security measures.

Affected Products

Vendor	Product	Versions
apache	apache airflow	—

Related News (1 articles)

Tier B

BSI Advisories9h ago

[NEU] [hoch] Apache Airflow: Mehrere Schwachstellen

→ No new info (linked only)

CISA KEV❌ No

Actively exploited❌ No

PublishedApr 14, 2026

Last enriched9h ago

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-34197EXP

Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Authenticated users could perform RCE via Jolokia MBeans

Trending: 60

MEDIUMCVE-2026-34479EXP

Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters

Trending: 58

MEDIUMCVE-2026-34480EXP

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Trending: 57

HIGHCVE-2026-34476EXP

Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

Trending: 50

MEDIUMCVE-2026-34477EXP

Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass

Trending: 49

Pin to Dashboard

Verification

State: reported

Confidence: 72%

Vulnerability Timeline

CVE Published

Apr 14, 2026

Discovered by ZDM

Apr 14, 2026