CVE-2026-40690 | Apache Airflow up to 3.2.0 Asset Dependency Graph insufficient granularity of access control

Inserito da Angelo Barbosa | Apr 24, 2026 | CVE

A vulnerability marked as problematic has been reported in Apache Airflow up to 3.2.0. This impacts an unknown function of the component Asset Dependency Graph. This manipulation causes insufficient granularity of access control.

This vulnerability is registered as CVE-2026-40690. Remote exploitation of the attack is possible. No exploit is available.

It is suggested to upgrade the affected component.

CVE-2026-40690 | Apache Airflow up to 3.2.0 Asset Dependency Graph insufficient granularity of access control

Post correlati

CVE-2024-43614 | Microsoft

CVE-2025-21178 | Microsoft Visual Studio heap-based overflow

CVE-2025-25193 | netty up to 4.1.118 resource consumption (GHSA-389x-839f-4rhx)

CVE-2025-61303 | Hatching Triage Sandbox access control