Apache Airflow
cpe:2.3:a:apache:airflow_cncf_kubernetes:*:*:*:*:*:*:*
- < 10.17.0
A vulnerability exists in the Apache Airflow CNCF Kubernetes provider in versions prior to 10.17.0. The JWTs that workers use under the Kubernetes Executor were exposed to users who only have read-only access to Kubernetes Pods. Anyone holding such a token can perform the actions that the running task itself is allowed to perform through the Task SDK, including modifying the state of the Airflow Database for that task.
This vulnerability could lead to unauthorized actions being performed on behalf of tasks, including modifications to the Airflow Database related to those tasks.
Update to Apache Airflow CNCF Kubernetes provider (PyPI package apache-airflow-providers-cncf-kubernetes) version 10.17.0 or later to address this vulnerability. Upgrading stops further exposure only; any token that was already readable from a pod object should be treated as compromised, and it is worth reviewing which principals hold get/list on pods in the Airflow namespace, since that is all the access the issue requires.
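The two practical questions a defender has here are whether the installed provider is in the affected range and whether any pod object currently visible to pod-readers contains a JWT. The script below is an added example written for this page, not code from the Airflow project or the advisory. The advisory does not say which pod field carried the token, so the scanner checks every literal string a read-only pod viewer sees (container command, args, env values and annotations); the pod manifest and the token inside it are constructed for the example, and the env variable name TASK_TOKEN and the command path hypothetical.worker are made up. Feed it the output of `kubectl get pod <name> -o json` to run it against a real cluster.

```python
import base64
import json
import re
from typing import Iterator, List, Tuple

FIXED_VERSION = (10, 17, 0)  # first cncf.kubernetes provider release with the fix


def provider_is_affected(version: str) -> bool:
    """True if a cncf.kubernetes provider version string is older than 10.17.0.

    Only the leading digits of each component are compared, so a pre-release
    such as '10.17.0rc1' is treated like the final 10.17.0 (an assumption).
    """
    parts = []
    for piece in version.split(".")[:3]:
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group(0)) if digits else 0)
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts) < FIXED_VERSION


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _decode_segment(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


# Constructed token: a valid JWT shape with a dummy signature, not a real Airflow token.
SAMPLE_JWT = ".".join([
    _b64url(json.dumps({"alg": "HS512", "typ": "JWT"}).encode()),
    _b64url(json.dumps({"sub": "example_dag.example_task", "exp": 1700000000}).encode()),
    _b64url(b"dummy-signature"),
])

# Constructed pod object in the shape `kubectl get pod -o json` returns.
# Field names inside the container (TASK_TOKEN, hypothetical.worker) are made up.
SAMPLE_POD = {
    "metadata": {"name": "example-task-pod", "namespace": "airflow", "annotations": {}},
    "spec": {
        "containers": [
            {
                "name": "base",
                "command": ["python", "-m", "hypothetical.worker"],
                "args": ["--json-string", json.dumps({"token": SAMPLE_JWT})],
                "env": [
                    {"name": "AIRFLOW__CORE__EXECUTOR", "value": "KubernetesExecutor"},
                    {"name": "TASK_TOKEN", "value": SAMPLE_JWT},
                    # A secretKeyRef is NOT visible to a pod reader; only the reference is.
                    {"name": "DB_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "db", "key": "pw"}}},
                ],
            }
        ]
    },
}

# Three base64url segments separated by dots; final confirmation is done by decoding.
JWT_RE = re.compile(r"[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}")


def looks_like_jwt(candidate: str) -> bool:
    """Confirm a regex hit is a JWT: its first segment must decode to a JSON object with 'alg'."""
    header = candidate.split(".")[0]
    try:
        obj = json.loads(_decode_segment(header))
    except ValueError:  # covers binascii.Error, UnicodeDecodeError and JSONDecodeError
        return False
    return isinstance(obj, dict) and "alg" in obj


def _strings_in_pod(pod: dict) -> Iterator[Tuple[str, str]]:
    """Yield (location, value) for every literal string a read-only pod viewer can see."""
    spec = pod.get("spec", {})
    for kind in ("initContainers", "containers"):
        for c in spec.get(kind, []):
            name = c.get("name", "?")
            for field in ("command", "args"):
                for i, v in enumerate(c.get(field, [])):
                    yield f"{kind}[{name}].{field}[{i}]", v
            for e in c.get("env", []):
                if "value" in e:  # valueFrom entries carry no secret in the pod object
                    yield f"{kind}[{name}].env[{e.get('name')}]", e["value"]
    for k, v in pod.get("metadata", {}).get("annotations", {}).items():
        yield f"metadata.annotations[{k}]", v


def find_exposed_jwts(pod: dict) -> List[Tuple[str, str]]:
    """Return (location, token) for each JWT embedded in the pod object."""
    findings = []
    for location, value in _strings_in_pod(pod):
        for m in JWT_RE.finditer(value):
            if looks_like_jwt(m.group(0)):
                findings.append((location, m.group(0)))
    return findings


if __name__ == "__main__":
    print("provider 10.16.1 affected:", provider_is_affected("10.16.1"))
    for location, token in find_exposed_jwts(SAMPLE_POD):
        print(f"JWT exposed at {location}: {token[:20]}...")
```

The scanner only flags literal values: an env var populated through `valueFrom.secretKeyRef` is not readable with pod access alone, which is exactly why moving a token out of the pod object and into a Secret (or an equivalent out-of-band channel) changes who can read it.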