Apache Airflow
cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*
- < 3.2.1
In Apache Airflow versions prior to 3.2.1, the '/ui/dags' endpoint does not enforce per-DAG access control on the Human-in-the-Loop (HITL) and TaskInstance records it embeds in its response. Any authenticated user with read access to at least one DAG can therefore retrieve HITL prompts, including their request parameters, and full TaskInstance details for DAGs outside that user's authorized scope. Because HITL prompts and TaskInstance fields often carry operator parameters and free-form task context, the endpoint discloses data that the per-DAG role-based access control (RBAC) model is meant to confine, and it does so for every authenticated user.
Exploitation requires only an authenticated account that can read a single DAG; it yields HITL prompts and TaskInstance details from DAGs outside that account's authorized scope, defeating the per-DAG RBAC boundary. The impact is greatest in shared deployments that rely on per-DAG permissions to separate teams or tenants on one Airflow instance.
Users are advised to upgrade to Apache Airflow version 3.2.1 or later, which addresses this vulnerability.
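The following audit helper is an added example written for this page; it is not code from the Apache Airflow project or from the advisory. It does two things a practitioner checking an instance would want: decide whether a reported Airflow version is below the 3.2.1 fix, and, given the JSON body that a low-privilege user receives from '/ui/dags', list every embedded record whose DAG is outside that user's authorized set. The response layout and key names ("task_instances", "hitl_details", "dag_id", "params") in the constructed sample below are assumptions; the walker deliberately ignores structure and looks for a "dag_id" field at any depth so it keeps working if the real payload nests differently.

```python
"""Audit helper for the Apache Airflow /ui/dags per-DAG access-control issue.

Added example, not Apache Airflow project code. Assumptions (not stated in the
advisory): the /ui/dags response is JSON, and each embedded HITL or
TaskInstance record carries a "dag_id" field. The sample payload is
constructed for illustration; its key names and nesting are hypothetical.
"""
import re
from typing import Any, Iterator

# The advisory states the fix ships in Apache Airflow 3.2.1.
FIXED_VERSION = (3, 2, 1)


def parse_version(version: str) -> tuple[int, ...]:
    """Turn '3.2.0' (or '3.2.0.dev1') into a comparable tuple of ints.

    Pre-release suffixes are ignored, so a '3.2.1rc1' build is treated as
    fixed; tighten this if you need to be strict about pre-releases.
    """
    match = re.match(r"(\d+(?:\.\d+)*)", version.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_affected_version(version: str) -> bool:
    """True if the reported Airflow version is below the fixed release."""
    return parse_version(version) < FIXED_VERSION


def iter_dag_ids(node: Any, path: str = "$") -> Iterator[tuple[str, str]]:
    """Walk a JSON document and yield (json_path, dag_id) for every object
    that carries a string "dag_id" key, at any nesting depth."""
    if isinstance(node, dict):
        dag_id = node.get("dag_id")
        if isinstance(dag_id, str):
            yield path, dag_id
        for key, value in node.items():
            yield from iter_dag_ids(value, f"{path}.{key}")
    elif isinstance(node, list):
        for idx, value in enumerate(node):
            yield from iter_dag_ids(value, f"{path}[{idx}]")


def out_of_scope_refs(payload: Any, authorized: set[str]) -> list[tuple[str, str]]:
    """Return (json_path, dag_id) for every embedded record whose dag_id is
    not in the caller's authorized set.

    A non-empty result from a response fetched with a low-privilege user's
    session means /ui/dags embedded HITL or TaskInstance data for DAGs that
    user is not permitted to read, i.e. the per-DAG RBAC check was bypassed.
    """
    return [(p, d) for p, d in iter_dag_ids(payload) if d not in authorized]


# Constructed sample: what a user authorized only for "reports_daily" might
# receive from /ui/dags on an affected instance. Hypothetical layout.
SAMPLE_UI_DAGS_RESPONSE = {
    "dags": [
        {"dag_id": "reports_daily", "is_paused": False},
    ],
    "task_instances": [
        {"dag_id": "reports_daily", "task_id": "build", "state": "success"},
        {"dag_id": "finance_payroll", "task_id": "approve", "state": "deferred"},
    ],
    "hitl_details": [
        {
            "dag_id": "finance_payroll",
            "task_id": "approve",
            "subject": "Approve payroll run",
            "params": {"amount": 125000, "notes": "Q1 adjustments"},
        }
    ],
}


if __name__ == "__main__":
    print("version 3.2.0 affected:", is_affected_version("3.2.0"))
    for json_path, dag_id in out_of_scope_refs(SAMPLE_UI_DAGS_RESPONSE, {"reports_daily"}):
        print(f"out-of-scope record at {json_path}: dag_id={dag_id}")
```

To use this against a live instance, log in as an account that holds read permission on exactly one DAG, save the body returned by a GET to '/ui/dags' under that session, and pass it together with the set of DAG IDs that account is permitted to read. The version check alone is sufficient to decide whether to upgrade; the payload check is what confirms, or rules out, disclosure on a specific deployment after the upgrade.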