NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-32690

Summary	Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to Apache Airflow 3.2.0 that has the fix implemented
Publication Date	April 18, 2026, 4:16 p.m.
Registration Date	April 19, 2026, 4:09 a.m.
Last Update	April 18, 2026, 4:16 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/apache/airflow/pull/63480	security@apache.org
2	https://lists.apache.org/thread/7rnzxofntcznqxnhsmjvvlvygwph7rn5	security@apache.org
3	http://www.openwall.com/lists/oss-security/2026/04/17/6	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-668	誤った領域へのリソースの漏えい	https://cwe.mitre.org/data/definitions/668.html