216.73.217.50

CVE-2026-22922

· Published 09/02/2026 11:16 · Modified 09/02/2026 18:16

Labels: CVE-2026-22922 2026-02-09CVE-2026-22922CWE-648[email protected]

Essential information

Published
09/02/2026 11:16
Modified
09/02/2026 18:16
Author
Creator
CVSS
6.5 MEDIUM (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS metrics

Description

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

NVD status

Status
Undergoing Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
apache / airflow cpe:2.3:a:apache:airflow:3.1.0-3.1.6:*:*:*:*:*:*:*
apache / airflow cpe:2.3:a:apache:airflow:3.1.7:*:*:*:*:*:*:*

References