CVE-2026-40961 (HIGH) | CNA: apache

CVE-2026-40961: Apache Airflow: Open Redirect Bypass Vulnerability

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check, enabling redirection from a trusted Airflow domain to an attacker-controlled origin. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can place Airflow behind a reverse proxy that strips off-domain `next=` query parameters before they reach the login endpoint.
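The following is an added example, not code from Apache Airflow or from this advisory. It shows three things a practitioner would want around this class of bug: a strict same-origin check for a `next=` redirect target (the kind of check `is_safe_url` performs, written as an allowlist that rejects the usual bypass shapes such as protocol-relative `//host`, backslash-prefixed and control-character-laden targets, and userinfo tricks), the query-string rewrite a reverse proxy would apply as the advisory's defense-in-depth mitigation, and a scan of access-log lines for login requests that carry an off-domain target. The hostname `airflow.example.internal`, the `/auth/login` path in the constructed log lines, and the function names are assumptions; the page does not say which input bypassed Airflow's own check, so the example does not reproduce it.

```python
"""Added example (not Apache Airflow's code): a strict same-origin check for a
next= redirect target, the query-string rewrite a reverse proxy would apply as
the advisory's defense-in-depth mitigation, and a scan of access-log lines for
login requests that carry an off-domain target."""
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Hostname the Airflow UI is served under (assumed for this example).
AIRFLOW_HOST = "airflow.example.internal"


def is_safe_redirect(target: str, host: str = AIRFLOW_HOST) -> bool:
    """Allow only same-origin paths or https URLs to exactly `host`.

    Naive checks ("starts with /", or comparing a parsed hostname) are
    commonly bypassed with protocol-relative "//evil.test", backslash
    variants "/\\evil.test" (browsers treat "\\" as "/"), embedded control
    characters that browsers strip, or userinfo tricks such as
    "https://host@evil.test". This allowlist rejects all of those; it is
    deliberately conservative and also rejects decoded whitespace.
    """
    if not target:
        return False
    if "\\" in target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False
    if target.startswith("/"):
        # A second leading slash makes the target network-path relative.
        return not target.startswith("//")
    parts = urlsplit(target)
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    return (
        parts.scheme == "https"
        and parts.hostname == host
        and parts.username is None
        and parts.password is None
        and port in (None, 443)
    )


def strip_offdomain_next(query: str, host: str = AIRFLOW_HOST) -> str:
    """Drop any next= value that is not a safe same-origin target.

    Models the reverse-proxy rule the advisory suggests: the rewritten
    query string is what the login endpoint would receive.
    """
    kept = [
        (k, v)
        for k, v in parse_qsl(query, keep_blank_values=True)
        if not (k == "next" and not is_safe_redirect(v, host))
    ]
    return urlencode(kept)


# Request field of an nginx/Apache "combined" log line: "METHOD path HTTP/x.y"
_REQUEST_RE = re.compile(r'"[A-Z]+ (?P<path>\S+) HTTP/[\d.]+"')


def flag_offdomain_login_requests(log_lines, host: str = AIRFLOW_HOST):
    """Return (line_number, next_value) for login requests with an unsafe next=.

    The login route is matched by its last path segment ("login") because
    the exact prefix varies by deployment; adjust for yours.
    """
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        m = _REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("path"))
        if parts.path.rstrip("/").rsplit("/", 1)[-1] != "login":
            continue
        for k, v in parse_qsl(parts.query, keep_blank_values=True):
            if k == "next" and not is_safe_redirect(v, host):
                hits.append((lineno, v))
    return hits


# Constructed sample log lines (not real traffic); only the second carries
# an off-domain target, percent-encoded as a browser would send it.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:10:00:00 +0000] "GET /auth/login?next=%2Fdags HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2026:10:00:03 +0000] "GET /auth/login?next=%2F%2Fevil.test%2Fsso HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2026:10:00:05 +0000] "GET /auth/login?next=https%3A%2F%2Fairflow.example.internal%2Fhome HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2026:10:00:07 +0000] "GET /api/v2/dags HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for t in ("/dags", "//evil.test", "/\\evil.test", "https:evil.test",
              "https://airflow.example.internal@evil.test/"):
        print(f"{t!r:50} safe={is_safe_redirect(t)}")
    print(strip_offdomain_next("next=%2F%2Fevil.test&lang=en"))
    print(flag_offdomain_login_requests(SAMPLE_LOG))
```

The validator is an allowlist on purpose: every bypass listed in its docstring defeats a denylist that only checks for a leading slash or compares a parsed hostname, because browsers and `urllib.parse` do not agree on how to split those inputs. The proxy rewrite reuses the same predicate, so the check applied in front of Airflow cannot drift from the one used for detection.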

Metrics

CVSS v3.1: 7.2 (HIGH)
Fixed in: 3.2.2
Affected products: 1


HarborGuard Analysis

Synopsis

An open redirect in Apache Airflow's login redirect route allows a remote attacker, without an Airflow account, to craft a URL that bypasses the built-in safe-URL check; a victim who follows the link is forwarded from the trusted Airflow domain to an attacker-controlled site with no visible warning. The link is crafted offline and the redirect is performed by the login route itself, so the bug is straightforward to weaponize for phishing and credential-harvesting campaigns. A patched-image rebuild at version 3.2.2 is available on HarborGuard for environments running an affected version (3.0.0 up to, but not including, 3.2.2).

HarborGuard Coverage

Detection (Available)

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built Airflow images, in both registry scans and active CI/CD pipeline checks.
Triage (Available)

HarborGuard scores this CVE at CVSS 7.2 HIGH and weights that score against each customer organization's compliance policy to decide whether the finding breaches the configured threshold; the resulting finding is routed to the inbox or alert channel configured for that environment.
Patch (Available)

A patched-image rebuild at Apache Airflow 3.2.2 becomes available on HarborGuard for any environment whose scanned images fall in the affected range (3.0.0 or later, below 3.2.2). For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against it, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Airflow login endpoint over the network; the service must be exposed to the attacker's network path, and the victim must be able to reach it as well, since the redirect is issued to the victim's browser.

  • Authentication: Not required

    No Airflow account or session is needed to craft and distribute the malicious redirect URL (the CVSS vector scores PR:N); the redirect is carried out by the victim's browser when it follows the link.

  • Victim interaction: Required

    A victim must click the attacker-crafted URL for the redirect to occur, making this a social-engineering vector typically delivered via phishing. Note that the CNA's CVSS vector scores UI:N; the condition listed here reflects the practical attack, which depends on a victim following the link.

  • Attack complexity: Low

    Exploitation is reliable and condition-free; no race conditions or special environmental state are required to craft a bypassing URL.

Blast Radius

  • A victim who clicks the crafted link is redirected from the trusted Airflow domain to an attacker-controlled site without visible warning.
  • The attacker can present a spoofed Airflow login page at the destination, harvesting the victim's Airflow credentials or SSO tokens.
  • Session cookies scoped to the Airflow domain are not sent to the attacker-controlled origin; the exposure from the redirect chain is limited to whatever the URL itself carries, such as a token embedded in the `next=` value or in the URL fragment, which browsers preserve across a 3xx redirect when the Location header has no fragment of its own.

How HarborGuard Handles This

Available on HarborGuard: scanning for CVE-2026-40961 is active across all connected registries and pipelines, with findings surfaced within minutes of a matching image being detected. Where compliance policy permits auto-remediation, HarborGuard rebuilds the affected image at Apache Airflow 3.2.2, runs regression checks against the rebuilt image, and opens a pull request against affected workloads; for high-severity issues, median time from CVE publication to merged patch PR is around 90 minutes in environments with auto-remediation enabled. For teams that cannot upgrade immediately, HarborGuard surfaces the advisory's defense-in-depth guidance: placing Airflow behind a reverse proxy that strips off-domain `next=` query parameters before they reach the login endpoint reduces exposure until the patched image is promoted to production. That rule covers one parameter name on one route and is a mitigation, not a fix; the upgrade to 3.2.2 remains the remediation.


Fix available: 3.2.2

Affected packages
  • Apache Software Foundation / Apache Airflow: >= 3.0.0, < 3.2.2

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N