CVE-2026-41084: Apache Airflow: API authorization bypass: bulk TaskInstances allows cross-DAG mutation
A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated authorization against the `dag_id` resolved from the URL path while operating on the `dag_id` / `dag_run_id` extracted from request-body entity fields. An authenticated UI/API user with edit permission on one Dag could mutate Task Instance state in any other Dag by keeping the authorized Dag's ID in the URL path and naming the target Dag's IDs in the request body entities. Affects deployments that rely on per-Dag edit-scope to keep Task Instance state isolated between teams. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.
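The mismatch described above, modelled as an added example (not Apache Airflow's code and not part of this advisory): a check that authorizes only the URL path next to one that authorizes every Dag the request body resolves to. The `Entity` shape, the function names and the sample Dag IDs are constructed, and the model assumes a body field overrides the path value when present.

```python
# Added illustration: a simplified model of the check, not Apache Airflow's code.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Entity:
    """One item of a bulk request body (constructed shape)."""
    task_id: str
    dag_id: Optional[str] = None      # assumption: body value overrides the path
    dag_run_id: Optional[str] = None  # assumption: body value overrides the path


def resolved_targets(path_dag_id, path_run_id, entities):
    """Return the (dag_id, dag_run_id) pair each entity would actually touch."""
    return [(e.dag_id or path_dag_id, e.dag_run_id or path_run_id) for e in entities]


def path_only_check(editable_dags, path_dag_id, path_run_id, entities):
    """Flawed pattern: the decision uses the URL path and ignores the body."""
    return path_dag_id in editable_dags


def denied_dags(editable_dags, path_dag_id, path_run_id, entities):
    """Dag IDs the request would touch that the caller may not edit."""
    touched = {dag for dag, _ in resolved_targets(path_dag_id, path_run_id, entities)}
    return sorted(touched - set(editable_dags))


def per_target_check(editable_dags, path_dag_id, path_run_id, entities):
    """Hardened pattern: authorize every resolved target, not just the path."""
    return path_dag_id in editable_dags and not denied_dags(
        editable_dags, path_dag_id, path_run_id, entities)


# Constructed sample data: the caller can edit only "team_a_etl".
EDITABLE = {"team_a_etl"}
IN_SCOPE = [Entity("extract"), Entity("load", dag_id="team_a_etl")]
CROSS_DAG = [Entity("invoice", dag_id="team_b_billing", dag_run_id="scheduled_7")]

if __name__ == "__main__":
    for name, body in (("in-scope", IN_SCOPE), ("cross-dag", CROSS_DAG)):
        args = (EDITABLE, "team_a_etl", "manual_1", body)
        print(name, path_only_check(*args), per_target_check(*args), denied_dags(*args))
```

The same comparison works as a regression test for any bulk endpoint that accepts resource identifiers in both the path and the body.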
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 3.2.2
- Affected Products: 1
HarborGuard Analysis
Synopsis
An authorization bypass in Apache Airflow's bulk Task Instances API allows an authenticated user with edit permission on one DAG to modify Task Instance state in any other DAG. The vulnerability is reachable over the network without elevated credentials and requires no victim interaction. Successful exploitation lets an attacker mutate or delete Task Instance records belonging to DAGs they have no permission to touch, breaking workflow isolation between teams. A patched-image rebuild at version 3.2.2 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against customer images, including custom-built Airflow images, in both registry scans and active pipeline checks.
Available
HarborGuard scores this CVE at 7.5 HIGH using the published CVSS v3.1 vector and weights it against each customer org's per-environment compliance policy, routing findings to the team inbox responsible for the affected workload.
Available
A patched-image rebuild at Apache Airflow 3.2.2 becomes available on HarborGuard as soon as the upstream release is confirmed. For customers who opt into auto-remediation, HarborGuard runs a regression test suite against the rebuilt image and opens a PR against affected workloads automatically.
Available
Exploit Conditions
- Network reachability (Required): The vulnerable API endpoint is exposed over the network; an attacker must be able to reach the Airflow API service via HTTP/S to exploit this flaw.
- Authentication (Required): The attacker must hold a valid account with at least edit permission on one DAG; no elevated or admin credentials are needed beyond that low-privilege foothold.
- Victim interaction (Not required): The exploit is carried out entirely through crafted API requests; no action from another user or administrator is needed.
- Attack complexity: The exploit is reliable and condition-free: the attacker simply places the authorized DAG ID in the URL path and the target DAG IDs in the request body, with no race conditions or environmental factors to overcome.
Blast Radius
- The attacker patches or deletes Task Instance state records in DAGs they have no permission to edit, bypassing per-DAG access isolation.
- Scheduled or running workflow tasks in the target DAG can be forcibly marked as succeeded, failed, or skipped, corrupting pipeline execution history.
- Teams relying on DAG-scoped permissions to separate workloads lose that isolation guarantee, exposing cross-team data pipelines to unauthorized modification.
How HarborGuard Handles This
Available on HarborGuard: detection for CVE-2026-41084 is active in every scan cycle, covering images derived from Apache Airflow 3.2.0 through versions earlier than 3.2.2. A rebuild at 3.2.2 is queued as soon as the affected image is identified in a customer registry or pipeline. For customers with auto-remediation enabled, HarborGuard rebuilds the image, runs a regression test pass, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in those environments. Where compliance policy requires manual sign-off, the rebuilt image and test results are staged and the finding is routed to the responsible team for review. Because the affected version range is narrow (3.2.0 to pre-3.2.2), customers running earlier Airflow versions are not affected and will not receive a spurious alert.
- Apache Software Foundation / Apache Airflow: < 3.2.2 (from 3.2.0)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N