NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-31987

Summary	JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue.
Publication Date	April 16, 2026, 11:16 p.m.
Registration Date	April 17, 2026, 4:12 a.m.
Last Update	April 16, 2026, 11:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/apache/airflow/issues/62428	security@apache.org
2	https://github.com/apache/airflow/issues/62773	security@apache.org
3	https://github.com/apache/airflow/pull/62964	security@apache.org
4	https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g	security@apache.org

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-532	ログファイルからの情報漏えい	https://cwe.mitre.org/data/definitions/532.html