CVE-2026-49297: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Software Foundation Apache Airflow Google provider
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author — partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
AI Analysis
Technical Summary
The vulnerability (CWE-22) in Apache Airflow's Google provider involves improper limitation of a pathname to a restricted directory. Specifically, the GCSToSFTPOperator and GCSTimeSpanFileTransformOperator operators concatenate GCS object names returned by the bucket listing API directly to destination filesystem paths without normalization or containment checks. This allows an attacker with write access to the source GCS bucket to create object names containing '..' path segments, leading to path traversal. Consequently, the DAG run may write files outside the configured destination paths, enabling overwriting of arbitrary files on the SFTP server or the worker host. This affects versions of apache-airflow-providers-google prior to 22.2.1. The vulnerability requires that the attacker has write access to the source bucket, which is typically a different trust principal than the DAG author.
Potential Impact
An attacker with write access to the source GCS bucket can exploit this vulnerability to cause the Airflow DAG run to write files outside the intended destination directory. This can lead to arbitrary file overwrite on the SFTP server or the Airflow worker host, potentially compromising system integrity or availability. The impact is limited to environments where the source bucket is writable by less-trusted principals.
Mitigation Recommendations
Users should upgrade the apache-airflow-providers-google package to version 22.2.1 or later, where this path traversal vulnerability has been fixed. There is no indication that temporary mitigations or workarounds are available. Patch status is confirmed by the vendor advisory recommending upgrade to 22.2.1 or later.
CVE-2026-49297: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Software Foundation Apache Airflow Google provider
Description
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket (typically a different trust principal than the DAG author — partner uploads, ingest-only service accounts, public-data buckets) could create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination (the SFTP `destination_path` for `GCSToSFTPOperator`; the worker-local temp directory for `GCSTimeSpanFileTransformOperator`), enabling overwrite of arbitrary files on the SFTP server or the worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
Affected software
pkg:pypi/apache-airflow-providers-googleRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability (CWE-22) in Apache Airflow's Google provider involves improper limitation of a pathname to a restricted directory. Specifically, the GCSToSFTPOperator and GCSTimeSpanFileTransformOperator operators concatenate GCS object names returned by the bucket listing API directly to destination filesystem paths without normalization or containment checks. This allows an attacker with write access to the source GCS bucket to create object names containing '..' path segments, leading to path traversal. Consequently, the DAG run may write files outside the configured destination paths, enabling overwriting of arbitrary files on the SFTP server or the worker host. This affects versions of apache-airflow-providers-google prior to 22.2.1. The vulnerability requires that the attacker has write access to the source bucket, which is typically a different trust principal than the DAG author.
Potential Impact
An attacker with write access to the source GCS bucket can exploit this vulnerability to cause the Airflow DAG run to write files outside the intended destination directory. This can lead to arbitrary file overwrite on the SFTP server or the Airflow worker host, potentially compromising system integrity or availability. The impact is limited to environments where the source bucket is writable by less-trusted principals.
Mitigation Recommendations
Users should upgrade the apache-airflow-providers-google package to version 22.2.1 or later, where this path traversal vulnerability has been fixed. There is no indication that temporary mitigations or workarounds are available. Patch status is confirmed by the vendor advisory recommending upgrade to 22.2.1 or later.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apache
- Date Reserved
- 2026-05-28T20:42:43.353Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4b81c327e9c797194eed31
Added to database: 07/06/2026, 10:21:55 UTC
Last enriched: 07/06/2026, 10:37:14 UTC
Last updated: 07/06/2026, 11:52:47 UTC
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.