Apache Airflow's KubernetesExecutor passes JWT tokens for Execution API authentication as command-line arguments visible in pod specifications. This exposure allows an authenticated user with Kubernetes read-only permissions in the Airflow namespace to retrieve these tokens from pod descriptions and impersonate running tasks by calling state-mutating Execution API endpoints. The vulnerability affects deployments using the KubernetesExecutor and is addressed by upgrading Apache Airflow to version 3.2.2 or later. This fix complements a prior patch for the apache-airflow-providers-cncf-kubernetes package (version 10.17.0 or later). Both updates are necessary to fully mitigate the issue.

An attacker with authenticated UI/API access and Kubernetes read-only permissions in the Airflow namespace can harvest JWT tokens from pod specs and use them to perform unauthorized state-changing operations on the Execution API. This includes triggering DAG runs, clearing runs, and reading or writing sensitive Airflow components such as Variables, Connections, and XComs. This could lead to unauthorized workflow execution and data manipulation within affected Airflow deployments using KubernetesExecutor.

Users should upgrade Apache Airflow to version 3.2.2 or later to remediate this vulnerability. Additionally, deployments that have already upgraded apache-airflow-providers-cncf-kubernetes to version 10.17.0 or later should ensure Apache Airflow itself is also upgraded to 3.2.2 or later, as both fixes are complementary. Patch status is not explicitly confirmed in the advisory, but the upgrade recommendation indicates an official fix is available. There is no indication that the vulnerability is mitigated by configuration changes alone.