oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error

From: Rahul Vats <rahulvats () apache org>
Date: Fri, 17 Apr 2026 10:15:40 +0000
Severity: low 

Affected versions:

- Apache Airflow (apache-airflow) before 3.2.0

Description:

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to 
false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to 
Apache Airflow 3.2.0, which fixes the issue.

Credit:

Masamune - Unit515 OPSWAT (finder)
Jason(Zhe-You) Liu (remediation developer)

References:

https://github.com/apache/airflow/pull/63028
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-30912
Previous By Date Next
Previous By Thread Next

Current thread: