CVE-2026-30898 | Apache Airflow up to 3.1.x BashOperator dag_run.conf injection

Inserito da Angelo Barbosa | Apr 17, 2026 | CVE

A vulnerability labeled as critical has been found in Apache Airflow up to 3.1.x. Affected is an unknown function of the file dag_run.conf of the component BashOperator. Executing a manipulation can lead to injection.

This vulnerability is registered as CVE-2026-30898. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.

CVE-2026-30898 | Apache Airflow up to 3.1.x BashOperator dag_run.conf injection

Post correlati

CVE-2024-30596 | Tenda FH1202 1.2.0.14(408) /goform/SetOnlineDevName formSetDeviceName deviceId stack-based overflow

CVE-2025-12123 | Customer Reviews Collector for WooCommerce Plugin up to 4.6.1 on WordPress text cross site scripting

CVE-2024-43336 | WP User Manager Plugin up to 2.9.10 on WordPress cross-site request forgery

CVE-2025-6008 | kiCode111 like-girl 5.2.0 /admin/ImgAddPost.php imgDatd/imgText/imgUrl sql injection