Description

JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade to version 3.2.0, which fixes this issue.

INFO

Published Date :

2026-04-16T13:31:52.336Z

Last Modified :

2026-04-16T18:24:29.466Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2026-31987 vulnerability.

Vendors Products
Apache
  • Airflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-31987.

URL Resource
http://www.openwall.com/lists/oss-security/2026/04/16/7 cve-icon
https://github.com/apache/airflow/issues/62428 cve-icon cve-icon
https://github.com/apache/airflow/issues/62773 cve-icon cve-icon
https://github.com/apache/airflow/pull/62964 cve-icon cve-icon
https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System