CVE-2026-42526— Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends
Possible ATT&CK Techniques 1AI
T1530 · Data from Cloud StorageAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Apache Software Foundation | Apache Airflow Amazon provider | < 9.28.0 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-42526
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends
Source: NVD (National Vulnerability Database)
Vulnerability Description
In the AWS Secrets Manager and SSM Parameter Store secrets backends of `apache-airflow-providers-amazon` prior to 9.28.0, the team-scoping logic could resolve a `conn_id` containing a `/` (e.g. `"my_team/conn"`) to the same path as another team's team-scoped secret when the caller had no team context. A privileged caller without team context could therefore retrieve another team's secret by crafting a colliding `conn_id`. Fixed in 9.28.0 by switching the team-scope separator to `--` and rejecting team-shaped `conn_id`s when team context is absent. Affects the experimental multi-tenant teams feature only. Users are recommended to upgrade to `apache-airflow-providers-amazon` 9.28.0, which fixes the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
授权机制不正确
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Airflow 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Airflow是美国阿帕奇(Apache)基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow 9.28.0之前版本存在安全漏洞,该漏洞源于团队范围逻辑问题,可能导致无团队上下文的特权调用者通过构造冲突的conn_id检索其他团队的秘密。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Airflow Amazon provider | 0 ~ 9.28.0 | - |
II. Public POCs for CVE-2026-42526
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-42526
请登录查看更多情报信息。
Patches & Fixes for CVE-2026-42526 (1)
Mailing List Discussions for CVE-2026-42526 (1)
Same Patch Batch · Apache Software Foundation · 2026-05-19 · 20 CVEs total
| CVE-2026-31909 | Apache OFBiz: Unauthenticated Shipment Label Image Disclosure | |
| CVE-2026-29220 | Apache OFBiz: Low-Privilege LFI in Content Component | |
| CVE-2026-29207 | Apache OFBiz: Low-Privilege SSTI Leading to RCE in the Content Component | |
| CVE-2026-29226 | Apache OFBiz: Low-Privilege SSRF in Content Component | |
| CVE-2026-31378 | Apache OFBiz: JSON Attribute Override and URL Allowlist Bypass Leads to Remote Code Execut | |
| CVE-2026-31379 | Apache OFBiz: Path Traversal and File Upload Validation Bypass Leading to Arbitrary File W | |
| CVE-2026-31380 | Apache OFBiz: FreeMarker SSTI via Duplicate Parameter Sanitization Bypass | |
| CVE-2026-31387 | Apache OFBiz: Cookie Manipulation Allows Authenticated JWT Forgery and Account Impersonati | |
| CVE-2026-31388 | Apache OFBiz: Cross-Tenant Data Exposure via Program Export Feature | |
| CVE-2026-31906 | Apache OFBiz: Reflected XSS via Improper HTML Attribute Escaping in Layered-Modal Dialog P | |
| CVE-2026-27173 | Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command- | |
| CVE-2026-31910 | Apache OFBiz: Improper Input Validation in UI Factory Classes Leads to SSRF and Blind File | |
| CVE-2026-31986 | Apache OFBiz: Unauthenticated RCE via Default JWT Signing Key and Widget Template Injectio | |
| CVE-2026-35086 | Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email s | |
| CVE-2026-41919 | Apache OFBiz: Authentication Bypass due to Improper Neutralization of LDAP Special Element | |
| CVE-2026-45187 | Apache OFBiz: Improper Authorization in Scheduled Job Creation Allows Low-Privileged Users | |
| CVE-2026-45434 | Apache OFBiz: Authentication Bypass via Password-Change Logic Flaw Leading to RCE | |
| CVE-2026-46586 | Apache OFBiz: Improper Validation in traverseContent Service Enables Authenticated Groovy | |
| CVE-2026-47323 | Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering |
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-48589
Apache Shiro: Jakarta EE open redirect via untrusted Referer - CVE-2026-44598
Apache Shiro Jakarta EE module: Open redirect and SSRF (requ - CVE-2026-43828
Apache Shiro: Shiro's native session and rememberMe cookies - CVE-2026-43827
Apache Shiro: Session fixation: new session is not created a - CVE-2026-42797
Apache Syncope: JexlContextBuilder Information Disclosure
Same weakness: CWE-863
- CVE-2018-25353
Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload - CVE-2026-6406
Docker Desktop Enhanced Container Isolation bypass via --use - CVE-2026-39966
TypeBot: Async filter() bypasses authorization, allowing IDO - CVE-2026-28735
GitHub OAuth Scope Validation - CVE-2026-47102
LiteLLM < 1.83.10 Privilege Escalation via User Update
V. Comments for CVE-2026-42526
No comments yet