cvedb.io
CVE-2026-24098
MEDIUM · CVSS 6.5
EPSS exploitation probability: 0%
Published 2026-02-09T11:16:14.660 · Last modified 2026-06-17T10:22:37.333

Summary

Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

Affected products

apache — airflow

Does this affect you?

Add your gear to cvedb and we'll alert you only when apache ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.