HIGH | CVE-2026-49298 | CNA: apache

CVE-2026-49298: Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster (e.g. `pods/get` in the Airflow namespace) could harvest the JWT from `kubectl describe pod` output and then call state-mutating Execution API endpoints — triggering Dag runs, clearing runs, reading or writing Variables / Connections / XComs — as if they were a running task. Affects deployments using the `KubernetesExecutor`. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. This is the airflow-core half of the same vulnerability addressed by [CVE-2026-27173](https://www.cve.org/CVERecord?id=CVE-2026-27173), which shipped the apache-airflow-providers-cncf-kubernetes side of the fix. Deployments that already upgraded `apache-airflow-providers-cncf-kubernetes` to 10.17.0 or later per the CVE-2026-27173 advisory should additionally upgrade `apache-airflow` to 3.2.2 or later to close the core-side surface — the two fixes are complementary, not duplicates.

Metrics

  • CVSS v3.1: 8.8
  • Severity: HIGH
  • Fixed in: 3.2.2
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A JWT token exposure vulnerability in Apache Airflow's KubernetesExecutor allows an authenticated attacker with limited Kubernetes read access to steal worker pod authentication tokens from pod spec command-line arguments. Reachable over the network with any low-privilege account, a successful attacker can call state-mutating Execution API endpoints as if they were a trusted running task, gaining read and write access to DAG runs, Variables, Connections, and XComs. A patched-image rebuild at version 3.2.2 is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-49298 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built Airflow images derived from the official base. Any image carrying apache-airflow below 3.2.2 with KubernetesExecutor in scope is flagged automatically.

Status: Available

Triage

HarborGuard scores this CVE at 8.8 HIGH using the CVSS v3.1 vector and weighs it against each environment's compliance policy to determine alert priority and ownership routing. Triage notifications are directed to the team or inbox mapped to the affected workload within each customer organization.

Status: Available

Patch

A patched-image rebuild pinned to apache-airflow 3.2.2 becomes available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard triggers the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads; note that this flow is gated on each environment's compliance policy permitting automated changes.

Status: Available

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the Airflow API and Kubernetes API server over the network; both surfaces are exposed to authenticated users with cluster access.

  • Authentication: Required

    Any low-privilege Airflow account combined with Kubernetes read-only access (pods/get in the Airflow namespace) is sufficient; no admin credentials are needed.

  • Victim interaction: Not required

    No victim action is required; the attacker reads static pod spec output and calls API endpoints directly.

  • Attack complexity: Detail

    The exploit is reliable and condition-free: the JWT is present in plain text in kubectl describe pod output whenever the KubernetesExecutor is in use.
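
A defender-side audit for the exposure described above, as an added example that is not part of the advisory or of Airflow's code: it scans a pod list (the JSON shape returned by `kubectl get pods -o json`) for JWT-shaped strings in container `command` and `args`. The pod names, the `--workload-json` argument and the token are constructed sample data, not Airflow's real arguments.

```python
import base64
import json
import re

# A JWT is three base64url segments; its JSON header always encodes to "eyJ...".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")


def _is_jwt(candidate):
    """True if the first segment decodes to a JSON object with an "alg" key."""
    head = candidate.split(".")[0]
    try:
        header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    return isinstance(header, dict) and "alg" in header


def find_exposed_tokens(pod_list):
    """Return (namespace, pod, container, field) for each field holding a JWT.

    Only the location is reported; the token value is never returned or printed.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
            for field in ("command", "args"):
                text = " ".join(c.get(field) or [])
                if any(_is_jwt(m.group()) for m in JWT_RE.finditer(text)):
                    findings.append((meta.get("namespace"), meta.get("name"), c.get("name"), field))
    return findings


def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed sample data: a throwaway token and two pods, not real cluster output.
SAMPLE_JWT = ".".join([_seg({"alg": "HS512"}), _seg({"sub": "constructed-task"}),
                       "c2lnbmF0dXJlLXBsYWNlaG9sZGVy"])
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "airflow", "name": "constructed-task-pod"},
     "spec": {"containers": [{"name": "base", "args": [
         "run-workload", "--workload-json", json.dumps({"token": SAMPLE_JWT})]}]}},
    {"metadata": {"namespace": "airflow", "name": "constructed-clean-pod"},
     "spec": {"containers": [{"name": "base", "command": ["sleep"],
                              "args": ["3600", "eyJhbmRvbWRhdGE.AAAAAAAAAA.BBBBBBBBBB"]}]}},
]}

if __name__ == "__main__":
    for hit in find_exposed_tokens(SAMPLE_PODS):
        print("JWT in pod spec:", *hit)
```

Against a live cluster, pass the parsed output of `kubectl get pods -n <namespace> -o json` to `find_exposed_tokens`; any hit on a worker pod means the token is readable by every principal with `pods/get` in that namespace.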

Blast Radius

  • Reads sensitive Airflow Variables and Connections, which commonly store database credentials, API keys, and cloud provider secrets.
  • Reads and writes XCom values, allowing manipulation of data passed between tasks in running or future DAG runs.
  • Triggers new DAG runs or clears existing runs, causing unintended pipeline executions or data reprocessing.
  • Operates with full task-level API authority for the duration the harvested JWT remains valid, without any further escalation needed.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any image carrying apache-airflow below 3.2.2, including custom images built on the official Apache Airflow base. Because this vulnerability pairs with CVE-2026-27173 (the apache-airflow-providers-cncf-kubernetes side of the same fix), HarborGuard surfaces both CVEs when scanning images so teams can confirm both the core package and the provider package are updated together. For customers who opt into auto-remediation, HarborGuard rebuilds the image at apache-airflow 3.2.2, runs a regression test pass, and opens a PR against affected workloads; where compliance policy permits, the median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes. Environments that already applied the CVE-2026-27173 fix (providers-cncf-kubernetes 10.17.0 or later) should confirm the core-side upgrade to 3.2.2 is also in scope, as the two fixes are complementary.


Fix available: 3.2.2

Affected packages
  • Apache Software Foundation / Apache Airflow: < 3.2.2 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H