{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "apache-airflow-core",
"purl": "pkg:pypi/apache-airflow-core"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.2.2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"3.0.0",
"3.0.0rc1",
"3.0.0rc1.post1",
"3.0.0rc1.post2",
"3.0.0rc1.post3",
"3.0.0rc1.post4",
"3.0.0rc2",
"3.0.0rc3",
"3.0.0rc4",
"3.0.1",
"3.0.1rc1",
"3.0.2",
"3.0.2rc1",
"3.0.2rc2",
"3.0.3",
"3.0.3rc1",
"3.0.3rc2",
"3.0.3rc3",
"3.0.3rc4",
"3.0.3rc5",
"3.0.3rc6",
"3.0.4",
"3.0.4rc1",
"3.0.4rc2",
"3.0.5",
"3.0.5rc1",
"3.0.5rc2",
"3.0.5rc3",
"3.0.6",
"3.0.6rc1",
"3.0.6rc2",
"3.1.0",
"3.1.0b1",
"3.1.0b2",
"3.1.0rc1",
"3.1.0rc2",
"3.1.1",
"3.1.1rc1",
"3.1.1rc2",
"3.1.2",
"3.1.2rc1",
"3.1.2rc2",
"3.1.3",
"3.1.3rc1",
"3.1.4",
"3.1.4rc1",
"3.1.4rc2",
"3.1.5",
"3.1.5rc1",
"3.1.6",
"3.1.6rc1",
"3.1.7",
"3.1.7rc1",
"3.1.7rc2",
"3.1.8",
"3.1.8rc1",
"3.1.8rc2",
"3.2.0",
"3.2.0b1",
"3.2.0b2",
"3.2.0rc1",
"3.2.0rc2",
"3.2.1",
"3.2.1rc1",
"3.2.1rc2",
"3.2.1rc3",
"3.2.2rc1",
"3.2.2rc2",
"3.2.2rc3"
]
}
],
"aliases": [
"CVE-2026-49298",
"GHSA-5j6p-jrrm-6x94"
],
"details": "A bug in Apache Airflow\u0027s KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints \u2014 triggering Dag runs, clearing runs, reading or writing Variables / Connections / XComs \u2014 as if they were a running task. Affects deployments using the `KubernetesExecutor`. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. This is the airflow-core half of the same vulnerability addressed by [CVE-2026-27173](https://www.cve.org/CVERecord?id=CVE-2026-27173), which shipped the apache-airflow-providers-cncf-kubernetes side of the fix. Deployments that already upgraded `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or later per the CVE-2026-27173 advisory should additionally upgrade `apache-airflow` to 3.2.2 or later to close the core-side surface \u2014 the two fixes are complementary, not duplicates.",
"id": "PYSEC-2026-2358",
"modified": "2026-07-13T16:03:22.978681Z",
"published": "2026-07-13T15:35:23.107476Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49298"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull/60108"
},
{
"type": "WEB",
"url": "https://github.com/apache/airflow/pull"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/wo09vrks8189dzsot39rvrx3vnx102tt"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/apache-airflow-core"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-5j6p-jrrm-6x94"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Apache Airflow: Execution API JWT leaked via KubernetesExecutor worker command-line args"
}