Threats Tagged 'cve-2026-38743'
View all threats tagged with 'cve-2026-38743'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'cve-2026-38743'
Click on any threat for detailed analysis and mitigation recommendations
CVE-2026-38743: CWE-1220: Insufficient Granularity of Access Control in Apache Software Foundation Apache AirflowCVE-2026-38743 0 CVE-2026-38743 is a medium-severity vulnerability in Apache Airflow where the /ui/dags endpoint fails to enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records. Authenticated users with read access to at least one DAG could access HITL prompts and full TaskInstance details for DAGs outside their authorized scope, exposing operator parameters and task context beyond intended boundaries. This issue widens visibility of DAG-run data beyond the intended per-DAG RBAC controls. An upgrade to Apache Airflow version 3. 2. 1 is recommended to fix this issue. Join the discussion | CVE Database V5 | 04/24/2026, 12:36:40 UTC Added: 04/24/2026, 13:06:17 UTC |
Showing 1 to 1 of 1 result