CVE-2026-25917: CWE-502: Deserialization of Untrusted Data in Apache Software Foundation Apache Airflow
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
AI Analysis
Technical Summary
This vulnerability (CWE-502) in Apache Airflow involves deserialization of untrusted data via XCom payloads crafted by Dag Authors. The flaw allows execution of arbitrary code in the webserver context, which normally Dag Authors should not be able to do. Since Dag Authors have high privileges, the impact is significant. The vendor recommends upgrading to Apache Airflow 3.2.0 to remediate this issue. No official patch link or detailed remediation level is provided in the data, but the upgrade is the stated fix.
Potential Impact
Successful exploitation allows arbitrary code execution in the Airflow webserver context, potentially compromising confidentiality, integrity, and availability of the system. Because Dag Authors are already trusted users, the risk is somewhat mitigated by user role, but the vulnerability still poses a high impact as indicated by the CVSS score of 7.2.
Mitigation Recommendations
Users should upgrade to Apache Airflow version 3.2.0, which addresses this vulnerability. No other official remediation or temporary fixes are indicated. Patch status is not explicitly confirmed beyond the upgrade recommendation, so users should verify with the vendor advisory for the latest guidance.
CVE-2026-25917: CWE-502: Deserialization of Untrusted Data in Apache Software Foundation Apache Airflow
Description
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
CVSS v3.1
Score 7.2high
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CWE-502) in Apache Airflow involves deserialization of untrusted data via XCom payloads crafted by Dag Authors. The flaw allows execution of arbitrary code in the webserver context, which normally Dag Authors should not be able to do. Since Dag Authors have high privileges, the impact is significant. The vendor recommends upgrading to Apache Airflow 3.2.0 to remediate this issue. No official patch link or detailed remediation level is provided in the data, but the upgrade is the stated fix.
Potential Impact
Successful exploitation allows arbitrary code execution in the Airflow webserver context, potentially compromising confidentiality, integrity, and availability of the system. Because Dag Authors are already trusted users, the risk is somewhat mitigated by user role, but the vulnerability still poses a high impact as indicated by the CVSS score of 7.2.
Mitigation Recommendations
Users should upgrade to Apache Airflow version 3.2.0, which addresses this vulnerability. No other official remediation or temporary fixes are indicated. Patch status is not explicitly confirmed beyond the upgrade recommendation, so users should verify with the vendor advisory for the latest guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-02-09T11:43:28.920Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e32a52bdfbbecc59fc2b7d
Added to database: 4/18/2026, 6:53:06 AM
Last enriched: 4/26/2026, 2:29:08 AM
Last updated: 6/1/2026, 12:01:07 AM
Views: 131
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.