Apache Airflow Components: Attackers can modify database
In Apache Airflow CNCF Kubernetes Provider and Apache Airflow Amazon Provider, developers have closed a security vulnerability in each case.
(Image: Artur Szczybylo/Shutterstock.com)
The Apache Airflow components CNCF Kubernetes Provider and Amazon Provider are vulnerable. After successful attacks, attackers can access the database, among other things.
The security vulnerabilities
As stated in two posts on the Seclists.org mailing list, the developers have closed the vulnerabilities in CNCF Kubernetes Provider 10.17.0 (CVE-2026-27173 "high") and Amazon Provider 9.28.0 (CVE-2026-42526 "medium").
Videos by heise
In the first case, JWT tokens are faulty, allowing users with read access to manipulate the Airflow database. In the second case, unauthorized access to other teams' secrets is possible.
So far, there is no warning from the software developers about already ongoing attacks. Most recently, in April, vulnerabilities in Apache Airflow and Airflow Keycloak became known – attackers could have completely compromised vulnerable systems as a result.
(des)
