Apache Airflow 3.2.0 contains a vulnerability (CVE-2026-42359) in its XCom PATCH endpoint that allows authenticated users with XCom write permissions to bypass key validation by setting reserved keys such as 'return_value'. The PATCH endpoint accepts serialized payloads that the deserializer treats as executable code, enabling remote code execution on the triggerer when the deferred task runs. This vulnerability is a bypass of the previous fix for CVE-2026-33858, which only applied validation on the POST/set endpoint but not on PATCH. The vulnerability affects deployments where untrusted users have XCom write permission on DAGs that defer to the triggerer. Upgrading to Apache Airflow 3.2.2 or later is necessary to mitigate this issue.

Successful exploitation allows an authenticated user with XCom write permission to execute arbitrary code remotely on the triggerer process, potentially leading to full compromise of the affected Airflow deployment. This impacts environments where untrusted users have such permissions and use the vulnerable PATCH endpoint. No known exploits in the wild have been reported.

Users who have upgraded to address CVE-2026-33858 must also upgrade Apache Airflow to version 3.2.2 or later to fix the PATCH endpoint bypass. Since no official vendor advisory or patch link is provided, verify the upgrade availability and details from the Apache Airflow project. Until upgraded, restrict XCom write permissions to trusted users only to reduce risk. Patch status is not yet confirmed from vendor advisory; check Apache Airflow official resources for current remediation guidance.