CVE-2026-27173— Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Possible ATT&CK Techniques 3AI
T1550 · Use Alternate Authentication Material T1078 · Valid Accounts T1528 · Steal Application Access TokenAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow CNCF Kubernetes provider | < 10.17.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-27173
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments
Source: NVD (National Vulnerability Database)
Vulnerability Description
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件和路径信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Airflow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow存在安全漏洞,该漏洞源于工作线程使用的JWT令牌暴露给对Kubernetes Pods具有只读访问权限的用户,可能导致用户执行仅限运行任务可用的操作并修改任务数据库状态。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow CNCF Kubernetes provider | 0 ~ 10.17.0 | - |
II. Public POCs for CVE-2026-27173
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-27173
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-27173 (1)
Mailing List Discussions for CVE-2026-27173 (1)
Same Patch Batch · Apache Software Foundation · 2026-05-19 · 20 CVEs total
| CVE-2026-31909 | Apache OFBiz: Unauthenticated Shipment Label Image Disclosure | |
| CVE-2026-29220 | Apache OFBiz: Low-Privilege LFI in Content Component | |
| CVE-2026-29207 | Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component | |
| CVE-2026-29226 | Apache OFBiz: Low-Privilege SSRF in Content Component | |
| CVE-2026-31378 | Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execut | |
| CVE-2026-31379 | Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File W | |
| CVE-2026-31380 | Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass | |
| CVE-2026-31387 | Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonati | |
| CVE-2026-31388 | Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature | |
| CVE-2026-31906 | Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog P | |
| CVE-2026-42526 | Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS | |
| CVE-2026-31910 | Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File | |
| CVE-2026-31986 | Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injectio | |
| CVE-2026-35086 | Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email s | |
| CVE-2026-41919 | Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Element | |
| CVE-2026-45187 | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users | |
| CVE-2026-45434 | Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE | |
| CVE-2026-46586 | Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy | |
| CVE-2026-47323 | Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering |
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-44417
Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS - CVE-2026-44618
Apache CXF: XXE vulnerability in WS-Transfer functionality - CVE-2026-44930
Apache CXF: LDAP Injection vulnerability in XKMS LDAP Reposi - CVE-2026-48207
Apache Fory: PyFory ReduceSerializer Incomplete Policy Enfor - CVE-2026-45760
Apache Camel K: Camel K Cross-Namespace Build Deputy Attack
Same weakness: CWE-538
- CVE-2026-5434
Improper storage of sensitive information - CVE-2023-54346
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Data - CVE-2026-7071
CodeAstro Online Job Portal user-cvs file information disclo - CVE-2026-6160
code-projects Simple ChatBox Endpoint chatbox.sql SimpleChat - CVE-2019-25706
Across DR-810 ROM-0 Unauthenticated File Disclosure
V. Comments for CVE-2026-27173
No comments yet