ByteOS Network

NVD Vulnerability Details :

CVE-2026-24098

Analyzed

Source-security@apache.org

Published At-09 Feb, 2026 | 11:16

Updated At-11 Feb, 2026 | 18:30

Apache Airflow versions before 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 6.5

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CPE Matches

The Apache Software Foundation

>>airflow>>Versions before 3.1.7(exclusive)

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-200	Secondary	security@apache.org

CWE ID: CWE-200

Type: Secondary

Source: security@apache.org

References

Hyperlink	Source	Resource
https://github.com/apache/airflow/pull/60801	security@apache.org	Issue Tracking Patch
https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x	security@apache.org	Mailing List Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/02/09/3	af854a3a-2127-422b-91ae-364da2661108	Mailing List Third Party Advisory

Hyperlink: https://github.com/apache/airflow/pull/60801

Source: security@apache.org

Resource:

Issue Tracking

Patch

Hyperlink: https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x

Source: security@apache.org

Resource:

Mailing List

Vendor Advisory

Hyperlink: http://www.openwall.com/lists/oss-security/2026/02/09/3

Source: af854a3a-2127-422b-91ae-364da2661108

Resource:

Mailing List

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History