NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-30898

Summary	An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow execute code on worker. Users should review if any of their own DAGs have adopted this incorrect advice.
Publication Date	April 18, 2026, 4:16 p.m.
Registration Date	April 19, 2026, 4:09 a.m.
Last Update	April 18, 2026, 4:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/apache/airflow/pull/64129	security@apache.org
2	https://lists.apache.org/thread/26zmhfj1t95c1hld2r14ho81nzh1bdc8	security@apache.org
3	http://www.openwall.com/lists/oss-security/2026/04/17/7	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-77	コマンドインジェクション	https://cwe.mitre.org/data/definitions/77.html