CVE-2026-38743 Overview
CVE-2026-38743 is an authorization bypass vulnerability in Apache Airflow affecting the authenticated /ui/dags endpoint. The endpoint fails to enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records. As a result, any logged-in Airflow user with read access to at least one DAG can retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope.
This vulnerability represents a significant breach of the Role-Based Access Control (RBAC) boundary in Apache Airflow, as HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to tasks—potentially exposing sensitive operational data to unauthorized users.
Critical Impact
Authenticated users can access sensitive DAG-run data, HITL prompts, and TaskInstance details beyond their authorized RBAC scope, potentially exposing confidential workflow parameters and operator configurations.
Affected Products
- Apache Airflow versions prior to 3.2.1
Discovery Timeline
- 2026-04-24 - CVE-2026-38743 published to NVD
- 2026-04-27 - Last updated in NVD database
Technical Details for CVE-2026-38743
Vulnerability Analysis
This vulnerability stems from insufficient granularity in access control enforcement at the /ui/dags endpoint. While Apache Airflow implements per-DAG RBAC to restrict user visibility to specific DAGs, the embedded HITL and TaskInstance records were not subjected to the same access control checks.
When a user queries the /ui/dags endpoint, the backend retrieves and returns associated HITL prompts and TaskInstance data without validating whether the requesting user has explicit read permissions for each referenced DAG. This allows authenticated users to enumerate and access workflow execution details—including operator parameters, task states, and human-in-the-loop prompt contents—across the entire Airflow deployment.
The vulnerability is classified under CWE-1220 (Insufficient Granularity of Access Control), reflecting the failure to apply fine-grained access restrictions to nested data objects within the API response.
Root Cause
The root cause lies in the access control logic of the /ui/dags endpoint handler. The endpoint correctly validates that the authenticated user has access to at least one DAG, but it does not filter the embedded HITL and TaskInstance records based on the user's actual DAG-level permissions. This design oversight allows the API to return data from DAGs that the user is not authorized to view, effectively bypassing the RBAC enforcement layer for these nested objects.
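The following Python model is an added illustration of the access-control gap described above; it is not Airflow's own code, and the endpoint, record types, DAG names and permission table are all constructed for the example. It shows the vulnerable shape (a coarse "can read at least one DAG" gate, with nested HITL and TaskInstance records returned wholesale) beside the hardened shape (every nested record filtered by the same per-DAG permission set that scopes the top-level DAG list), and a check that reports which DAG ids leak through the nested records.

```python
"""Illustrative model (not Airflow's code) of the authorization gap:
nested HITL and TaskInstance records served by a /ui/dags-style endpoint
must be filtered by the caller's per-DAG permissions, not merely gated on
"has read access to at least one DAG"."""
from dataclasses import dataclass


@dataclass(frozen=True)
class TaskInstance:
    dag_id: str
    task_id: str
    state: str


@dataclass(frozen=True)
class HitlPrompt:
    dag_id: str
    task_id: str
    params: dict


@dataclass
class DagListing:
    dag_ids: list
    task_instances: list
    hitl_prompts: list


# Constructed sample data: two DAGs with nested records attached.
ALL_DAGS = ["etl_public", "finance_payroll"]
ALL_TASK_INSTANCES = [
    TaskInstance("etl_public", "extract", "success"),
    TaskInstance("finance_payroll", "run_payroll", "running"),
]
ALL_HITL_PROMPTS = [
    HitlPrompt("finance_payroll", "approve_payroll",
               {"approver": "cfo", "amount": 12000}),
]

# Constructed RBAC table (hypothetical): user -> set of DAG ids they may read.
USER_DAG_PERMISSIONS = {
    "alice": {"etl_public"},
    "bob": {"etl_public", "finance_payroll"},
}


def can_read_any_dag(user: str) -> bool:
    """The coarse gate: true if the user may read at least one DAG."""
    return bool(USER_DAG_PERMISSIONS.get(user))


def list_dags_vulnerable(user: str) -> DagListing:
    """Vulnerable shape: the DAG list is scoped, but the embedded records
    are returned unfiltered once the coarse check passes."""
    if not can_read_any_dag(user):
        raise PermissionError("no DAG access")
    allowed = USER_DAG_PERMISSIONS[user]
    return DagListing(
        dag_ids=[d for d in ALL_DAGS if d in allowed],
        task_instances=list(ALL_TASK_INSTANCES),   # not filtered per DAG
        hitl_prompts=list(ALL_HITL_PROMPTS),       # not filtered per DAG
    )


def list_dags_fixed(user: str) -> DagListing:
    """Hardened shape: every nested object is filtered by the same
    per-DAG permission set used for the top-level DAG list."""
    if not can_read_any_dag(user):
        raise PermissionError("no DAG access")
    allowed = USER_DAG_PERMISSIONS[user]
    return DagListing(
        dag_ids=[d for d in ALL_DAGS if d in allowed],
        task_instances=[ti for ti in ALL_TASK_INSTANCES if ti.dag_id in allowed],
        hitl_prompts=[p for p in ALL_HITL_PROMPTS if p.dag_id in allowed],
    )


def leaked_dag_ids(listing: DagListing) -> set:
    """DAG ids present in nested records but absent from the scoped DAG list."""
    nested = {ti.dag_id for ti in listing.task_instances}
    nested |= {p.dag_id for p in listing.hitl_prompts}
    return nested - set(listing.dag_ids)


if __name__ == "__main__":
    for fn in (list_dags_vulnerable, list_dags_fixed):
        print(fn.__name__, "leaks:", leaked_dag_ids(fn("alice")))
```

For the constructed user `alice`, who may read only `etl_public`, the vulnerable listing leaks `finance_payroll` through both the TaskInstance and the HITL prompt, while the hardened listing leaks nothing; `leaked_dag_ids` is the kind of invariant a regression test for the fix would assert.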
Attack Vector
An attacker with minimal Airflow access (read permission on any single DAG) can exploit this vulnerability by making authenticated requests to the /ui/dags endpoint. The attack requires network access to the Airflow web interface and valid user credentials. No special privileges beyond basic DAG read access are needed.
The attacker can extract:
- HITL prompt request parameters containing potentially sensitive context
- TaskInstance details including operator configurations, execution timestamps, and task states
- Free-form context fields that may contain secrets, connection strings, or business-critical data
This information disclosure could facilitate further attacks by revealing internal workflow structures, operational patterns, and sensitive configuration data embedded in task definitions.
Detection Methods for CVE-2026-38743
Indicators of Compromise
- Unusual query patterns to the /ui/dags endpoint from users with limited DAG access
- High-frequency API requests retrieving HITL or TaskInstance data across multiple DAGs
- Audit log entries showing users accessing DAG run details for workflows outside their assigned scope
- Anomalous data exports or scraping activity targeting the Airflow web UI
Detection Strategies
- Enable and review Airflow audit logging for /ui/dags endpoint access patterns
- Monitor for users querying TaskInstance or HITL data for DAGs not in their assigned permissions
- Implement API request rate limiting and anomaly detection for authenticated endpoints
- Cross-reference web server access logs with Airflow RBAC configurations to identify scope violations
Monitoring Recommendations
- Configure alerting for bulk data retrieval attempts from the /ui/dags endpoint
- Establish baseline access patterns per user role and alert on deviations
- Integrate Airflow logs with SIEM solutions for centralized monitoring and correlation
- Periodically audit user permissions against actual API access patterns
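The following Python script is an added example (not from the page or from Airflow) that turns the detection strategies and monitoring recommendations above into runnable checks. It cross-references constructed audit-log lines with a constructed user-to-DAG permission table to flag records served for DAGs outside a user's scope, and applies a sliding-window count to flag bulk retrieval from the /ui/dags endpoint. The key=value log line layout and the permission table are assumptions for the example, not Airflow's actual log format.

```python
"""Added detection example (not Airflow's code): scan constructed
audit-log lines for (a) users served HITL/TaskInstance records for DAGs
outside their RBAC scope and (b) bulk retrieval from /ui/dags within a
short window. The line format is an assumption made for this example."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed RBAC snapshot (hypothetical): user -> DAG ids the user may read.
USER_DAG_PERMISSIONS = {
    "alice": {"etl_public"},
    "bob": {"etl_public", "finance_payroll"},
}

# Constructed audit lines; the key=value layout is assumed, not Airflow's.
SAMPLE_LOG = """\
2026-04-25T10:00:01Z user=bob endpoint=/ui/dags dag_id=finance_payroll record=hitl
2026-04-25T10:00:05Z user=alice endpoint=/ui/dags dag_id=etl_public record=task_instance
2026-04-25T10:00:06Z user=alice endpoint=/ui/dags dag_id=finance_payroll record=hitl
2026-04-25T10:00:07Z user=alice endpoint=/ui/dags dag_id=finance_payroll record=task_instance
2026-04-25T10:00:08Z user=alice endpoint=/ui/dags dag_id=etl_public record=task_instance
2026-04-25T10:00:09Z user=alice endpoint=/ui/dags dag_id=etl_public record=task_instance
2026-04-25T10:03:00Z user=bob endpoint=/ui/dags dag_id=etl_public record=task_instance
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) endpoint=(?P<endpoint>\S+) "
    r"dag_id=(?P<dag_id>\S+) record=(?P<record>\S+)$"
)


def parse(log_text):
    """Parse lines in the assumed format into dicts; unmatched lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def scope_violations(events, permissions):
    """Events where a user was served a record for a DAG outside their scope."""
    return [e for e in events
            if e["dag_id"] not in permissions.get(e["user"], set())]


def bulk_retrieval(events, window=timedelta(seconds=60), threshold=4):
    """Users whose /ui/dags hits inside any sliding window reach the threshold."""
    by_user = defaultdict(list)
    for e in events:
        if e["endpoint"] == "/ui/dags":
            by_user[e["user"]].append(e["ts"])
    flagged = set()
    for user, stamps in by_user.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            # Advance the window start until it spans at most `window`.
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(user)
                break
    return flagged


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    for v in scope_violations(evs, USER_DAG_PERMISSIONS):
        print("scope violation:", v["user"], v["dag_id"], v["record"])
    print("bulk retrieval:", bulk_retrieval(evs))
```

On the constructed sample, `alice` is flagged twice for `finance_payroll` records and once for bulk retrieval (five /ui/dags hits within a minute), while `bob` is clean. The permission snapshot should be taken from the deployment's actual RBAC configuration at scan time; the sliding window and threshold are tuning knobs to set from a per-role baseline, as recommended above.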
How to Mitigate CVE-2026-38743
Immediate Actions Required
- Upgrade Apache Airflow to version 3.2.1 or later immediately
- Review Airflow access logs for potential exploitation of this vulnerability
- Audit current user permissions and restrict DAG access to the minimum required scope
- Rotate any credentials or secrets that may have been exposed through TaskInstance or HITL prompts
Patch Information
Apache has released version 3.2.1, which addresses this access control vulnerability. The fix ensures that per-DAG RBAC is properly enforced on the embedded HITL and TaskInstance records in the /ui/dags endpoint response.
For detailed patch information, refer to the GitHub Pull Request for Airflow and the Apache Mailing List Thread.
Workarounds
- Restrict access to the Airflow web UI to trusted network segments using firewall rules or VPN requirements
- Implement a reverse proxy with additional authentication layers in front of the Airflow web interface
- Temporarily revoke DAG read permissions from users who do not require immediate access
- Review and sanitize sensitive data stored in HITL prompts and TaskInstance parameters
# Upgrade Apache Airflow to patched version
pip install apache-airflow==3.2.1
# Verify installed version
airflow version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.


