HIGH🇬🇧 English

CVE-2026-27173

CVSS 8.7v3.1pub. 2026-05-19upd. 2026-07-02

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
  • Apache Airflow Providers Cncf Kubernetes

    APP
    Apache
    < 10.17.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Container
CWE
Referencje

Powiązane podatności

CVE-2023-33234HIGH7.2ten sam produkt

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom s...

CVE-2023-51702MEDIUM6.5ten sam produkt

Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentic...

CVE-2025-24813CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Apache Tomcat: Path Equivalence prowadzący do RCE i ujawnienia danych

CVE-2024-38856CRITICAL9.8⚠ KEVPL ✓ten sam vendor

Apache OFBiz — nieautoryzowane wykonanie kodu przez błędną autoryzację

CVE-2024-38475CRITICAL9.1⚠ KEVPL ✓ten sam vendor

Apache HTTP Server mod_rewrite — ujawnienie kodu i RCE poprzez błędne escapowanie