CRITICAL | CVE-2026-50203 | CNA: apache

CVE-2026-50203: Apache Airflow SFTP provider: Path traversal in SFTPHook.retrieve_directory allows local file write outside the destination directory via malicious server-supplied directory-entry names

A path traversal in the SFTP provider (`SFTPHook.retrieve_directory` / `SFTPOperator(operation=get)`) let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is any deployment downloading directories from an untrusted SFTP server. Upgrade `apache-airflow-providers-sftp` to 5.8.1 or later.

Metrics

  • CVSS v3.1: 9.1
  • Severity: CRITICAL
  • Fixed in: 5.8.1
  • Affected Products: 1


HarborGuard Analysis

Synopsis

A path traversal vulnerability in the Apache Airflow SFTP provider allows a malicious or compromised remote SFTP server to write files outside the intended local destination directory. The attack is reachable over the network, requires no authentication on the Airflow side, and no user interaction. Successful exploitation gives an attacker the ability to read sensitive local files and overwrite arbitrary files on the Airflow worker host. A patched-image rebuild at version 5.8.1 is available on HarborGuard for environments running an affected version of the SFTP provider.
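The class of check that closes this bug, shown as an added example written for this page (it is not the provider's patch and does not use Airflow's API): every server-supplied entry name is mapped onto the local destination and rejected if its resolved path leaves that directory. The entry names in SAMPLE_ENTRIES are constructed for the demonstration.

```python
import os
from typing import Iterable, List, Tuple

# Constructed sample of directory-entry names as a hostile SFTP server could return them.
SAMPLE_ENTRIES = [
    "report.csv",                                # benign
    "sub/part-0001.parquet",                     # benign nested entry
    "../../../../etc/cron.d/x",                  # plain dot-dot traversal
    "/etc/passwd",                               # absolute: os.path.join() would drop the base
    "..",                                        # parent reference on its own
    "logs/../../../root/.ssh/authorized_keys",   # traversal hidden behind a normal prefix
]


class UnsafeEntryName(ValueError):
    """Raised when a server-supplied entry name would resolve outside the destination."""


def resolve_local_path(local_dir: str, entry_name: str) -> str:
    """Map an entry name onto local_dir, refusing anything that escapes it.

    The containment test runs on the fully resolved path (realpath), so
    '..' sequences and symlinks below local_dir are both accounted for.
    """
    base = os.path.realpath(local_dir)
    # An absolute entry must never replace the base: join(base, "/etc/passwd") == "/etc/passwd".
    if os.path.isabs(entry_name):
        raise UnsafeEntryName(entry_name)
    candidate = os.path.realpath(os.path.join(base, entry_name))
    # commonpath respects separators, unlike str.startswith (which would accept
    # /data/dest-evil for a base of /data/dest). The base itself is not a valid target.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise UnsafeEntryName(entry_name)
    return candidate


def partition_entries(local_dir: str, entries: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split entries into (safe local paths, rejected names); only the first list is written."""
    safe, rejected = [], []
    for name in entries:
        try:
            safe.append(resolve_local_path(local_dir, name))
        except UnsafeEntryName:
            rejected.append(name)
    return safe, rejected
```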

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images, including custom-built images that bundle apache-airflow-providers-sftp below version 5.8.1.

Triage: Available

HarborGuard scores this CVE at 9.1 CRITICAL using the published CVSS v3.1 vector and weights the finding against each environment's compliance policy, routing alerts to the appropriate team inbox within the customer org.

Patch: Available

A patched-image rebuild at apache-airflow-providers-sftp 5.8.1 becomes available on HarborGuard as soon as the fix version is confirmed. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads.

Exploit Conditions

  • Network reachability: Required

    The attacker controls or compromises a remote SFTP server that the Airflow deployment connects to over the network; exposure exists wherever the SFTP provider downloads directories from an untrusted host.

  • Authentication: Not required

    No Airflow account or credential is needed; the attack originates from the server side of the SFTP connection, not from within the Airflow platform.

  • Victim interaction: Not required

    No user action is required; exploitation occurs automatically whenever an Airflow task runs SFTPHook.retrieve_directory or SFTPOperator with operation=get against a malicious server.

  • Attack complexity: Low

    Attack complexity is low, meaning the exploit is reliable and needs no special conditions once the attacker controls the SFTP server supplying crafted directory-entry names.

Blast Radius

  • The attacker writes arbitrary files to any path on the Airflow worker host filesystem that the Airflow process has permission to reach, including configuration files, credentials, and code.
  • Overwriting Python modules or entrypoints on the worker enables follow-on code execution in the context of the Airflow worker process.
  • Sensitive local files accessible to the Airflow worker, such as DAG source files, environment variable files, and mounted secrets, are exposed to exfiltration if the attacker can also read the directory contents back through SFTP.

How HarborGuard Handles This

Available on HarborGuard: images containing apache-airflow-providers-sftp below version 5.8.1 are flagged at CRITICAL severity immediately upon scan. For customers who opt into auto-remediation, HarborGuard rebuilds the image at version 5.8.1, runs a regression test pass, and opens a pull request against the affected workload, with a median time from CVE publication to merged patch PR of around 90 minutes for high and critical severity issues in auto-remediation-enabled environments. Where compliance policy requires manual approval, the rebuilt image is staged and the finding is routed to the responsible team inbox with full remediation context. Until a rebuild is deployed, HarborGuard recommends applying network-policy controls to restrict which SFTP hosts Airflow workers are permitted to connect to, limiting the blast radius to trusted server endpoints only.


Fix available: 5.8.1

Patch commits:

Affected packages:
  • Apache Software Foundation / Apache Airflow SFTP provider: < 5.8.1 (from 0)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N