Airflow webserver code execution by Dag Authors (CVE-2026-33858)

Overview

A security vulnerability in Apache Airflow, tracked as CVE-2026-33858, allows a Dag Author to execute arbitrary code on the Airflow webserver. This high-severity flaw has been assigned a CVSS score of 8.8. While Dag Authors are already trusted users within the platform, this vulnerability inappropriately extends their privileges to the webserver’s execution context, creating a significant security boundary bypass.

Vulnerability Details

In Apache Airflow, DAG (Directed Acyclic Graph) authors are users with permissions to create and manage workflow tasks. Under normal security models, these users should not be able to run arbitrary code on the underlying Airflow webserver itself. This vulnerability exists in the handling of XCom (cross-communication) payloads. By crafting a malicious XCom payload, a Dag Author can cause the webserver to execute code of their choosing.

The primary risk stems from the elevation of a trusted internal role to a higher-privileged execution context. This could be leveraged to compromise the webserver, potentially leading to further lateral movement within the environment.

Impact and Severity

The impact is high, as successful exploitation leads to remote code execution on the Airflow webserver. An attacker with Dag Author privileges could:

• Execute arbitrary commands on the host running the webserver.
• Access sensitive data, configuration files, or secrets stored on that server.
• Use the compromised webserver as a foothold to attack other connected systems.

The CVSS vector reflects the network-based attack vector (AV:N), low attack complexity (AC:L), low privileges required (PR:L-the Dag Author role), and no requirement for user interaction (UI:N).

Remediation and Mitigation

The Apache Airflow project has released a fix. All users are strongly recommended to take the following action:

Immediate Action: Upgrade your Apache Airflow installation to version 3.2.0 or later. This version contains the necessary patches to resolve CVE-2026-33858.

If an immediate upgrade is not possible, consider reviewing and temporarily restricting Dag Author permissions to only strictly necessary personnel as a partial mitigation. However, upgrading is the only complete solution. For the latest information on other security patches, monitor the security news section.

Security Insight

This vulnerability highlights the persistent challenge of secure privilege separation within complex orchestration platforms. It echoes past incidents in CI/CD and data pipeline tools where trusted internal roles were inadvertently granted excessive system-level access. The high CVSS score, despite the requirement for Dag Author credentials, underscores that security models must rigorously defend against privilege escalation from any trusted user tier, not just external attackers.

Further Reading

• All High Vulnerabilities
• Recent Critical Vulnerabilities
• Top Critical CVEs