Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow | 0 ~ 3.3.0 | - |
| # | POC Description | Source Link | Shenlong Link |
|---|
No public POC found.
Login to generate AI POC| CVE-2026-33264 | Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerial | |
| CVE-2026-48828 | Apache Airflow: Bulk JSON Variables bypass should_hide_value_for_key - redact() called wit | |
| CVE-2026-49296 | Apache Airflow: Per-DAG read bypass discloses co-located DAGs' source via GET /api/v2/dagS | |
| CVE-2026-48891 | Apache Airflow: /ui/dependencies scheduling graph leaks unreadable Dag identifiers via tri | |
| CVE-2026-48892 | Apache Airflow: Config API leaks per-key secrets backend kwargs - masker bypass on synthet |
No comments yet