Description

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.

INFO

Published Date :

2026-04-18T06:19:47.512Z

Last Modified :

2026-04-20T15:54:05.072Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32228 vulnerability.

Vendors Products
Apache
  • Airflow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32228.

URL Resource
http://www.openwall.com/lists/oss-security/2026/04/17/8 cve-icon
https://github.com/apache/airflow/pull/63338 cve-icon cve-icon
https://lists.apache.org/thread/s7c75txgt4qf2rofcn43szfwgcrzy0nj cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact