Malicious code vulnerabilities threaten Apache Airflow and Airflow Keycloak

Apache's open-source workflow management platforms Airflow and Airflow Keycloak are vulnerable. One vulnerability is critical.


Attackers can target Apache Airflow and Airflow Keycloak, potentially leading to complete system compromise in the worst-case scenario.

In total, the developers have closed six security vulnerabilities, according to several warnings on the Airflow mailing list. One vulnerability (CVE-2026-25917) is rated "critical". It allows attackers to execute malicious code in the context of the web server via an XCom payload.


A second vulnerability also allows malicious code execution (CVE-2026-30898, "high"). Additionally, information can be leaked (CVE-2026-30912, "high"). The developers state that the security issues have been resolved in Airflow 3.2.0. All previous versions are vulnerable.

According to a warning, Airflow Keycloak is only affected by one vulnerability (CVE-2026-40948, "medium"). Version 0.7.0 provides a fix for this.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.