← Zuruck zu CVEs
CVE-2026-32690
LOW3.7
Beschreibung
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to Apache Airflow 3.2.0 that has the fix implemented
CVE Details
CVSS v3.1 Bewertung3.7
SchweregradLOW
CVSS VektorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
AngriffsvektorNETWORK
KomplexitatHIGH
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/18/2026
Zuletzt geandert4/21/2026
Quellenvd
Honeypot-Sichtungen0
Betroffene Produkte
apache:airflow
Schwachen (CWE)
CWE-668
Referenzen
https://github.com/apache/airflow/pull/63480(security@apache.org)
https://lists.apache.org/thread/7rnzxofntcznqxnhsmjvvlvygwph7rn5(security@apache.org)
http://www.openwall.com/lists/oss-security/2026/04/17/6(af854a3a-2127-422b-91ae-364da2661108)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.