cvedb.io
CVE-2025-69219
HIGH · CVSS 8.8
EPSS exploitation probability: 0%
Published 2026-03-09T11:16:05.907 · Last modified 2026-06-17T10:00:18.717

Summary

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.

Affected products

apache — airflow_providers_http

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.