Apache Airflow Connection Secrets Exposure Vulnerability

Vulnerability

A vulnerability in Apache Airflow versions prior to 2.11.1 allows authenticated users with audit log access to view sensitive connection parameters in the audit logs. When these values were set through the Airflow CLI, they were logged unencrypted and stored in the Airflow database. Although this issue primarily affects users with audit log access, it is advisable to upgrade to Airflow 2.11.1 or later. Additionally, users who have used the CLI to configure connections should manually remove any sensitive entries from the audit log database table.

Impact

This vulnerability could lead to unauthorized exposure of sensitive connection details in the audit logs and the Airflow database.

Remediation

Users should upgrade to Apache Airflow version 2.11.1 or later. Those who have previously used the CLI to set connections should manually delete entries containing sensitive values from the audit log table.
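
One way to carry out the manual clean-up described above, as an added example that is not Airflow's own code. It assumes the audit records sit in a table named `log` with `id`, `event` and `extra` columns and that CLI connection events are prefixed `cli_connections`; the flag list and sample rows are constructed, and an in-memory SQLite database stands in for the metadata database.

```python
import json
import re
import sqlite3

# Assumed schema (verify on your deployment): table "log" with "id", "event"
# and "extra" columns; CLI audit events start with "cli_connections".
# The flag list is an assumption too; extend it to match your usage.
FLAG_VALUE = re.compile(
    r"(--conn-(?:password|uri|extra|json))['\",=\s]+([^'\",\s\]]+)"
)


def find_exposed_rows(db):
    """Return ids of CLI connection audit rows that log an unmasked flag value."""
    exposed = []
    query = "SELECT id, extra FROM log WHERE event LIKE 'cli_connections%' ORDER BY id"
    for row_id, extra in db.execute(query):
        for _flag, value in FLAG_VALUE.findall(extra or ""):
            if value.strip("*"):  # values made only of '*' are already masked
                exposed.append(row_id)
                break
    return exposed


def purge_rows(db, row_ids, dry_run=True):
    """Delete the given audit rows; with dry_run only report how many would go."""
    if dry_run or not row_ids:
        return len(row_ids)
    marks = ",".join("?" * len(row_ids))
    cur = db.execute(f"DELETE FROM log WHERE id IN ({marks})", list(row_ids))
    db.commit()
    return cur.rowcount


def build_sample_db():
    """In-memory SQLite stand-in for the metadata database, with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE log (id INTEGER PRIMARY KEY, event TEXT, extra TEXT)")
    samples = [
        (1, "cli_connections_add", ["connections", "add", "db1", "--conn-uri", "postgres://u:EXAMPLE@h/db"]),
        (2, "cli_connections_add", ["connections", "add", "db2", "--conn-password", "********"]),
        (3, "cli_connections_list", ["connections", "list"]),
        (4, "cli_connections_add", ["connections", "add", "db3", "--conn-password=EXAMPLE-ONLY"]),
    ]
    for row_id, event, argv in samples:
        extra = json.dumps({"full_command": str(["airflow"] + argv)})
        db.execute("INSERT INTO log VALUES (?, ?, ?)", (row_id, event, extra))
    return db
```

Run the dry run first and review the listed rows before deleting; any credential that appeared in a matching row should also be rotated, since deleting the row does not undo earlier reads.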

Added: Feb 24, 2026, 10:17 AM
Updated: Feb 24, 2026, 4:43 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 2.5
exploitability: 5.5
remediation: 8.3
relevance: 3.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.