ГлавнаяУязвимости → CVE-2026-32228
7.5высокая

CVE-2026-32228

Описание

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.

Затрагиваемое ПО
Apache Airflow
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Источники
https://github.com/apache/airflow/pull/63338https://lists.apache.org/thread/s7c75txgt4qf2rofcn43szfwgcrzy0njhttp://www.openwall.com/lists/oss-security/2026/04/17/8