CVE-2026-34538 Overview
Apache Airflow versions 3.0.0 through 3.1.8 contain an authorization bypass vulnerability in the DagRun wait endpoint that exposes XCom result values to users with only DAG Run read permissions, such as those assigned the Viewer role. This behavior conflicts with the FAB (Flask-AppBuilder) RBAC model, which treats XCom as a separate protected resource requiring explicit permissions.
The documented security model defines the Viewer role as read-only and keeps sensitive execution results away from it; this flaw lets such users read XCom values that should be reserved for higher-privileged roles.
Critical Impact
Users with Viewer role permissions can access XCom execution results, potentially exposing sensitive data including credentials, API keys, and other confidential information passed between DAG tasks.
Affected Products
- Apache Airflow versions 3.0.0 through 3.1.8 (inclusive)
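A small check for whether a given API server falls inside the range above. This is an added example, not code from the Airflow project or from the advisory. It assumes the version string comes from the Airflow 3 public API endpoint GET /api/v2/version (a JSON body with a "version" key), takes the affected range and the 3.2.0 fix version from this page, and treats any release between the last affected and the first fixed version, or a pre-release of the fixed version, as unverified rather than safe.

```python
"""Added example: classify an Airflow version against CVE-2026-34538's range.

Assumptions (not stated on the page): the version text comes from
GET /api/v2/version; the range 3.0.0..3.1.8 and the fix 3.2.0 are as the
page states; anything in between is reported as unverified.
"""
from __future__ import annotations

import json
import re
import urllib.request

AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 1, 8)
FIXED = "3.2.0"

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?P<suffix>.*)$")


def parse_version(text: str) -> tuple[tuple[int, int, int], str]:
    """Split '3.1.8', '3.2.0rc1' or '3.1.9.dev0' into (major, minor, patch)
    and a suffix; the suffix is '' for a final release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Airflow version: {text!r}")
    core = tuple(int(x) for x in m.group(1, 2, 3))
    return core, m.group("suffix")


def assess(version_text: str) -> dict:
    core, suffix = parse_version(version_text)
    fixed_core, _ = parse_version(FIXED)
    if core < AFFECTED_MIN:
        status = "out_of_scope"      # 2.x: not in this advisory's range
    elif core <= AFFECTED_MAX:
        status = "affected"          # pre-releases of an affected version count too
    elif core >= fixed_core and not suffix:
        status = "fixed"
    else:
        # A patch release between 3.1.8 and 3.2.0, or a pre-release of 3.2.0,
        # is not covered by the page's statement; check the upstream advisory.
        status = "unverified"
    return {"version": version_text, "status": status, "fix": FIXED}


def assess_api_response(body: str) -> dict:
    """Take the raw JSON body of GET /api/v2/version."""
    return assess(json.loads(body)["version"])


def fetch_and_assess(base_url: str, token: str | None = None) -> dict:
    """Query a live API server. The bearer token is an assumption: send one
    if your deployment requires authentication on the version endpoint."""
    headers = {"Accept": "application/json"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(base_url.rstrip("/") + "/api/v2/version", headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return assess_api_response(resp.read().decode())


if __name__ == "__main__":
    # Constructed sample body in the shape of the version endpoint's reply.
    sample = '{"version": "3.1.8", "git_version": "constructed-example"}'
    print(assess_api_response(sample))
```

Run it against a live server with fetch_and_assess("https://airflow.internal", token) once you have a token; the constructed sample in the main block exercises the same path offline.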
Discovery Timeline
- 2026-04-09 - CVE-2026-34538 published to NVD
- 2026-04-09 - NVD record last updated
Technical Details for CVE-2026-34538
Vulnerability Analysis
This vulnerability is classified under CWE-668 (Exposure of Resource to Wrong Sphere), indicating improper access control that allows resources to be accessed by unauthorized actors. The flaw exists in Apache Airflow's DagRun wait endpoint, which returns XCom result values without properly validating whether the requesting user has the necessary permissions to access XCom data.
When Airflow runs with the FAB Auth Manager (the apache-airflow-providers-fab provider), authorization is resource-based: XCom is a separate protected resource whose read permission must be granted explicitly, on top of DAG Run read access. The vulnerable endpoint skips that check and returns XCom values to any authenticated user who holds DAG Run read permission.
The Viewer role in Airflow's security model is explicitly designed as a read-only role that allows inspection of DAGs without access to sensitive execution results. This vulnerability breaks that security boundary, effectively elevating Viewer privileges to access protected XCom resources.
Root Cause
The root cause stems from inadequate permission validation in the DagRun wait endpoint implementation. When processing requests to this endpoint, the code fails to verify XCom-specific permissions before including XCom result values in the response. The endpoint only validates DAG Run read permissions, assuming that access to DAG Run metadata implies access to all associated execution data.
This represents a violation of the principle of least privilege, where the endpoint grants broader access than intended by the security model. The FAB RBAC framework provides mechanisms for granular resource-based authorization, but these checks were not properly implemented for XCom data returned through this endpoint.
Attack Vector
An authenticated attacker holding only the Viewer role can exploit this over the network by calling the DagRun wait endpoint. No user interaction is required and the attack is low in complexity.
The exploitation scenario involves:
- An attacker obtains or is legitimately assigned Viewer role credentials
- The attacker identifies DAG Runs that may contain sensitive XCom data
- By calling the DagRun wait endpoint, the attacker receives XCom result values that should be restricted
- Sensitive information such as credentials, API responses, or inter-task communication data may be exposed
This vulnerability is particularly concerning in multi-tenant Airflow deployments where role-based access control is used to segment access between different teams or users. See the Apache Mailing List Discussion for additional technical context.
Detection Methods for CVE-2026-34538
Indicators of Compromise
- Requests to the DagRun wait endpoint from accounts whose only role is Viewer; the endpoint exists so a client can block until a run finishes, and a read-only user has little legitimate reason to call it
- Bursts of such requests covering many DAG runs or many DAGs from one low-privilege account, which points to harvesting rather than a one-off query
- Use of credentials or tokens that had been passed between tasks via XCom from hosts or accounts that should never have held them
Detection Strategies
- Log every request to the API server. Airflow's API access log records client address, method, path and status but not the username, so attribute requests to accounts and roles by correlating it with the logs of the reverse proxy or identity provider in front of Airflow, or with the FAB user table
- Alert on wait-endpoint requests from accounts whose only role is Viewer, and on any single account calling the endpoint for many runs in a short window
- Keep the user-to-role map used by detection current by exporting the FAB user list on a schedule; a stale map silently drops alerts for newly created Viewer accounts
- Review Viewer accounts whose activity is inconsistent with a read-only role, for example API-only usage with no interactive UI sessions
Monitoring Recommendations
- Enable detailed access logging in Apache Airflow to capture endpoint access by role
- Configure SIEM rules to detect Viewer role access to sensitive execution endpoints
- Airflow has no per-endpoint rate limit; if you want to slow harvesting, apply one at the reverse proxy or API gateway in front of the API server, keyed on the authenticated user rather than the source address
- Regularly audit XCom data for sensitive information that could be exposed through this vulnerability
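The detection rules listed above, as an added example that is not part of the advisory and not Airflow code. Because Airflow's own access log carries no username, the sample lines are a constructed key=value format of the kind a reverse proxy or auth gateway that logs the authenticated user might emit; the route is assumed to be /api/v2/dags/{dag_id}/dagRuns/{run_id}/wait (confirm against your version's API reference); and the user-to-roles map is something you would build from the FAB user list. It flags successful wait-endpoint calls by Viewer-only accounts, bursts of calls from any account, and a Viewer-only account spreading across several DAGs.

```python
"""Added example: flag DagRun wait-endpoint access by Viewer-only accounts.

Assumptions (mine, not the page's): the log format below is CONSTRUCTED;
the wait route is /api/v2/dags/{dag_id}/dagRuns/{run_id}/wait; role names
follow the FAB defaults ("Viewer", "Public", "User", "Op", "Admin").
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WAIT_ROUTE = re.compile(
    r"^/api/v2/dags/(?P<dag_id>[^/?]+)/dagRuns/(?P<run_id>[^/?]+)/wait(?:\?|$)"
)
LINE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) method=(?P<method>\S+) "
    r"path=(?P<path>\S+) status=(?P<status>\d+)$"
)
# Roles that should never see XCom; an account holding only these is "viewer-only".
READ_ONLY_ROLES = {"Viewer", "Public"}


def parse_line(line: str) -> dict | None:
    m = LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    rec["status"] = int(rec["status"])
    return rec


def detect(lines, user_roles, burst_count=5, burst_window=timedelta(seconds=60), multi_dag=3):
    alerts = []
    recent = defaultdict(deque)     # user -> timestamps of successful wait calls
    bursting = set()                # users currently above the burst threshold
    dags_seen = defaultdict(set)    # user -> dag_ids reached via the wait endpoint
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["status"] != 200:
            continue                # only successful responses return data
        m = WAIT_ROUTE.match(rec["path"])
        if not m:
            continue
        user, ts = rec["user"], rec["ts"]
        roles = set(user_roles.get(user, ()))
        viewer_only = bool(roles) and roles <= READ_ONLY_ROLES
        base = {"user": user, "roles": sorted(roles), "ts": ts}
        if viewer_only:
            alerts.append({"rule": "viewer_wait_access", "dag_id": m["dag_id"],
                           "run_id": m["run_id"], **base})
        # Sliding window: count this user's wait calls in the last burst_window.
        win = recent[user]
        win.append(ts)
        while ts - win[0] > burst_window:
            win.popleft()
        if len(win) >= burst_count:
            if user not in bursting:
                bursting.add(user)  # fire once per burst, not once per request
                alerts.append({"rule": "wait_burst", "count": len(win), **base})
        else:
            bursting.discard(user)
        dags_seen[user].add(m["dag_id"])
        if viewer_only and len(dags_seen[user]) == multi_dag:
            alerts.append({"rule": "viewer_multi_dag",
                           "dags": sorted(dags_seen[user]), **base})
    return alerts


# CONSTRUCTED sample: one Viewer (alice) polling several runs, an Op user,
# a Viewer listing runs without touching the wait endpoint, a denied call,
# a malformed line, and a user with both Viewer and User roles.
SAMPLE_ROLES = {"alice": ["Viewer"], "bob": ["Op"], "carol": ["Viewer"], "dave": ["Viewer", "User"]}
SAMPLE_LOG = """
2026-04-10T08:00:00Z user=alice src=10.0.5.7 method=GET path=/api/v2/dags/etl_prod/dagRuns/manual__1/wait status=200
2026-04-10T08:00:05Z user=alice src=10.0.5.7 method=GET path=/api/v2/dags/etl_prod/dagRuns/manual__2/wait?result=load status=200
2026-04-10T08:00:10Z user=bob src=10.0.5.8 method=GET path=/api/v2/dags/etl_prod/dagRuns/manual__2/wait status=200
2026-04-10T08:00:12Z user=carol src=10.0.5.9 method=GET path=/api/v2/dags/etl_prod/dagRuns status=200
this line is garbage
2026-04-10T08:00:15Z user=alice src=10.0.5.7 method=GET path=/api/v2/dags/billing/dagRuns/scheduled__3/wait status=200
2026-04-10T08:00:20Z user=alice src=10.0.5.7 method=GET path=/api/v2/dags/billing/dagRuns/scheduled__4/wait status=200
2026-04-10T08:00:25Z user=alice src=10.0.5.7 method=GET path=/api/v2/dags/hr_sync/dagRuns/scheduled__5/wait status=200
2026-04-10T08:00:30Z user=alice src=10.0.5.7 method=GET path=/api/v2/dags/hr_sync/dagRuns/scheduled__6/wait status=403
2026-04-10T08:00:35Z user=dave src=10.0.5.10 method=GET path=/api/v2/dags/hr_sync/dagRuns/scheduled__6/wait status=200
"""


def run_sample() -> list[dict]:
    return detect(SAMPLE_LOG.strip().splitlines(), SAMPLE_ROLES)


if __name__ == "__main__":
    for a in run_sample():
        print(a["rule"], a["user"], a["ts"].isoformat())
```

On the constructed sample only alice trips anything: five viewer_wait_access alerts, one wait_burst when her fifth call lands inside the 60-second window, and one viewer_multi_dag when she reaches a third DAG. The 403 is ignored, which is also why the same rules stay useful after patching: post-fix, a Viewer calling the endpoint should only ever produce denials.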
How to Mitigate CVE-2026-34538
Immediate Actions Required
- Upgrade Apache Airflow to version 3.2.0 or later, which includes the security fix
- Review and audit all users currently assigned the Viewer role to assess potential exposure
- Examine XCom data stored in your Airflow deployment for sensitive information
- Consider temporarily restricting Viewer role access until the patch can be applied
Patch Information
Apache has released version 3.2.0 which resolves this authorization bypass vulnerability. The fix implements proper XCom permission validation in the DagRun wait endpoint, ensuring that users without explicit XCom read permissions cannot access XCom result values.
The security patch is documented in GitHub Pull Request #64415, which contains the code changes implementing proper RBAC enforcement. Organizations should upgrade to Airflow 3.2.0; carrying the pull request as a local patch on a 3.0.x or 3.1.x deployment is possible if an immediate upgrade is not feasible, but it means maintaining a fork, and the change should be verified to apply cleanly and behave correctly on that release.
Additional details about this vulnerability are available in the Openwall OSS Security Thread.
Workarounds
- Restrict network access to Airflow's web interface and API endpoints to trusted networks only
- The FAB auth manager authorizes by resource and action, not by URL, so no custom role can deny the wait endpoint while keeping DAG Run read access. The realistic choices are to remove DAG Run read permission from low-privilege roles (which also hides run status from those users in the UI) or to block the wait endpoint's path for everyone at a reverse proxy until the patch is applied
- Implement network-level monitoring to detect and block suspicious access patterns to vulnerable endpoints
- Do not pass credentials or other secrets through XCom at all, patched or not: XCom values are persisted in the metadata database and are readable by anyone holding XCom read permission. Keep secrets in Connections or Variables backed by a secrets backend and pass only references (a connection id, an object key) between tasks
# Configuration example (environment-variable form of airflow.cfg options).
# Option names are the Airflow 3 ones; confirm them for your release with
# `airflow config list`. Airflow 2 equivalents are noted where they differ.
# Bind the API server to an internal interface only
# (Airflow 2: AIRFLOW__WEBSERVER__WEB_SERVER_HOST)
AIRFLOW__API__HOST=10.0.0.1
# Write an access log for every API request. It records client address,
# method, path and status, not the username, so correlate it with the FAB
# user table or with the logs of whatever sits in front of the API server
# (Airflow 2: AIRFLOW__WEBSERVER__ACCESS_LOGFILE)
AIRFLOW__API__ACCESS_LOGFILE=/var/log/airflow/api-access.log
# Raise the Flask-AppBuilder logger level if you want its auth messages
AIRFLOW__LOGGING__FAB_LOGGING_LEVEL=INFO
# Login rate limiting in the FAB auth manager. This throttles login attempts;
# it does not limit API calls by an already authenticated Viewer, so treat it
# as general hardening, not as a mitigation for this CVE
# (Airflow 2: AIRFLOW__WEBSERVER__AUTH_RATE_LIMITED / AUTH_RATE_LIMIT)
AIRFLOW__FAB__AUTH_RATE_LIMITED=True
AIRFLOW__FAB__AUTH_RATE_LIMIT=5 per minute
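The XCom audit recommended under Immediate Actions and Workarounds, as an added example that is neither the advisory's nor Airflow's code. It scans XCom values for material that should never have been pushed through XCom (cloud keys, private keys, tokens, credentials embedded in URIs, fields named like secrets) so you can size the exposure before and after patching. The rows are constructed in the shape you would get from the XCom REST endpoints or a direct query of the xcom table, with the value either a JSON string or an already-decoded object; the pattern set is a practical starting point, not an exhaustive secret detector, and the entropy threshold is a heuristic.

```python
"""Added example: scan XCom rows for secrets that should not be there.

Assumptions (not from the page): rows carry dag_id, run_id, task_id, key,
value; string values are tried as JSON first; the regexes and the 4.5-bit
entropy cut-off are heuristics chosen here.
"""
from __future__ import annotations

import json
import math
import re
from typing import Any

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_pem": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\.[A-Za-z0-9_-]{8,}\b"),
    "credentials_in_uri": re.compile(r"\b[a-z][a-z0-9+.-]*://[^:/\s@]+:[^@\s]+@"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9._~+/=-]{20,}"),
}
SENSITIVE_FIELD = re.compile(
    r"(password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key|"
    r"private[_-]?key|authorization|credential)", re.I)
TOKEN_LIKE = re.compile(r"[A-Za-z0-9+/=_-]{32,}")   # unbroken key-shaped runs


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in (s.count(ch) for ch in set(s)))


def _walk(obj: Any, path: str, reasons: set[str]) -> None:
    """Recurse through decoded JSON, recording why a value looks sensitive."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            if isinstance(v, (str, int, float)) and SENSITIVE_FIELD.search(str(k)):
                reasons.add(f"sensitive_field:{path}{k}")
            _walk(v, f"{path}{k}.", reasons)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            _walk(v, f"{path}[{i}].", reasons)
    elif isinstance(obj, str):
        for name, rx in PATTERNS.items():
            if rx.search(obj):
                reasons.add(name)
        for tok in TOKEN_LIKE.findall(obj):
            if shannon_entropy(tok) > 4.5:
                reasons.add("high_entropy_token")


def scan_value(value: Any) -> set[str]:
    if isinstance(value, str):
        try:
            value = json.loads(value)      # XCom API hands back serialised values
        except ValueError:
            pass                           # raw string: scan it as-is
    reasons: set[str] = set()
    _walk(value, "", reasons)
    return reasons


def scan_entries(entries: list[dict]) -> list[dict]:
    findings = []
    for e in entries:
        reasons = scan_value(e["value"])
        if reasons:
            findings.append({k: e[k] for k in ("dag_id", "run_id", "task_id", "key")}
                            | {"reasons": sorted(reasons)})
    return findings


def _row(dag_id, run_id, task_id, key, value):
    return {"dag_id": dag_id, "run_id": run_id, "task_id": task_id, "key": key, "value": value}


# CONSTRUCTED rows: two benign, four that should never have gone through XCom.
SAMPLE_ENTRIES = [
    _row("etl_prod", "manual__1", "extract", "return_value",
         '{"rows": 1200, "path": "s3://bucket/2026/04/09/part-0000.parquet"}'),
    _row("etl_prod", "manual__1", "load", "return_value", "42"),
    _row("billing", "scheduled__3", "fetch_creds", "aws",
         '{"aws_access_key_id": "AKIAIOSFODNN7EXAMPLE", '
         '"aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"}'),
    _row("billing", "scheduled__3", "build_dsn", "return_value",
         '"postgresql://etl:Sup3rS3cret@db.internal:5432/warehouse"'),
    _row("hr_sync", "scheduled__5", "auth", "return_value",
         {"headers": {"Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.abcDEF123-_xyz"}}),
    _row("hr_sync", "scheduled__5", "rotate", "return_value",
         "-----BEGIN RSA PRIVATE KEY-----\nMIIEconstructed\n-----END RSA PRIVATE KEY-----"),
]


def run_sample() -> list[dict]:
    return scan_entries(SAMPLE_ENTRIES)


if __name__ == "__main__":
    for f in run_sample():
        print(f["dag_id"], f["task_id"], f["key"], ", ".join(f["reasons"]))
```

Every finding names the DAG, run and task that produced the value, which is what you need to decide which credentials to rotate and which DAG code to change so the secret is fetched from a Connection or secrets backend inside the consuming task instead of being pushed through XCom.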
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

