CVE-2026-42360 Overview
CVE-2026-42360 is an information disclosure vulnerability in Apache Airflow's rendered-template field handling. The flaw bypasses nested sensitive-key masking when a rendered template field exceeds the [core] max_templated_field_length limit: Airflow stringifies the structure before redaction, losing the nested key context, and persists the plaintext value into rendered_fields. An authenticated user with permission to read rendered template fields can harvest secrets that were intended to be masked. The issue is classified under CWE-200 (Information Exposure) and is a variant of the previously addressed CVE-2025-68438.
Critical Impact
Authenticated UI or API users can read plaintext values for nested password, token, secret, and api_key fields stored in Airflow's rendered_fields table.
Affected Products
- Apache Airflow versions prior to 3.2.2
- Deployments where DAG authors pass structured JSON to operators with nested sensitive keys
- Installations that previously patched only CVE-2025-68438
Discovery Timeline
- 2026-06-01 - CVE-2026-42360 published to NVD
- 2026-06-01 - Last updated in NVD database
Technical Details for CVE-2026-42360
Vulnerability Analysis
Apache Airflow masks sensitive values in rendered template fields using an allowlist of key names such as password, token, secret, and api_key. The redaction logic walks nested JSON structures and replaces values whose keys match the allowlist. The vulnerability arises when a rendered template field exceeds the [core] max_templated_field_length threshold configured for the deployment.
When the threshold is exceeded, Airflow converts the structure to a string representation before applying redaction. The stringification step discards the nested key-to-value mapping that the masker relies on. As a result, the allowlist match fails and the plaintext payload is written to the rendered_fields column of the rendered_task_instance_fields table in the Airflow metadata database.
Any authenticated user with the can_read permission on rendered template fields can retrieve the stored value through the Airflow UI or REST API. Exploitation requires no privileges beyond standard DAG read access and no interaction from an administrator.
Root Cause
The redaction routine assumes the structure is walked as a Python object. The truncation path that handles oversized fields short-circuits this assumption by calling str() on the structure first. The fix for CVE-2025-68438 covered user-registered mask_secret() patterns but did not extend the nested sensitive-keyword allowlist to the truncated path.
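The following is an added, simplified model of the ordering bug described in this section and of the corrected ordering; it is constructed illustration code, not Airflow's implementation, and the names SENSITIVE_KEYS, redact, render_vulnerable, render_fixed and SAMPLE_FIELD are assumptions.

```python
import json
from typing import Any

# Constructed model of redact-versus-truncate ordering; not Airflow's code.
SENSITIVE_KEYS = {"password", "token", "secret", "api_key"}
MASK = "***"

def redact(value: Any) -> Any:
    """Walk nested dicts/lists and mask values stored under sensitive keys.
    A plain str has no keys to match, so it is returned unchanged."""
    if isinstance(value, dict):
        return {k: (MASK if str(k).lower() in SENSITIVE_KEYS else redact(v))
                for k, v in value.items()}
    if isinstance(value, list):
        return [redact(v) for v in value]
    return value

def render_vulnerable(field: Any, max_length: int) -> str:
    """Vulnerable ordering: an oversized field is stringified and truncated
    first, so redact() receives a str and the nested key context is gone."""
    if len(str(field)) > max_length:
        field = str(field)[:max_length] + "..."  # key/value structure lost here
    masked = redact(field)                        # no-op on a str
    return masked if isinstance(masked, str) else json.dumps(masked)

def render_fixed(field: Any, max_length: int) -> str:
    """Fixed ordering: redact while the structure is still nested, then
    stringify and truncate the already-masked output."""
    masked = redact(field)
    rendered = masked if isinstance(masked, str) else json.dumps(masked)
    if len(rendered) > max_length:
        rendered = rendered[:max_length] + "..."
    return rendered

# Constructed template field with a nested credential (not a real secret).
SAMPLE_FIELD = {
    "conn": {"host": "db.example.internal", "password": "s3cr3t-pass"},
    "query": "select 1",
}

if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_FIELD, 80))  # truncated repr still contains s3cr3t-pass
    print(render_fixed(SAMPLE_FIELD, 80))       # truncated JSON shows *** instead
```

With a limit large enough that truncation does not trigger, both paths mask correctly; the leak appears only on the oversized-field path.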
Attack Vector
An authenticated attacker reads a DAG run's rendered template fields through the Airflow web UI or the /api/v1/dags/{dag_id}/dagRuns/{run_id}/taskInstances/{task_id}/renderedFields endpoint. When the target task passes structured JSON containing nested credentials to an operator, and the rendered output exceeds max_templated_field_length, the response contains unredacted secret values.
The vulnerability manifests in Airflow's template rendering pipeline. Refer to the Apache Airflow Pull Request 65906 for the patch details and the Apache Mailing List Thread for the security announcement.
Detection Methods for CVE-2026-42360
Indicators of Compromise
- Unusual volume of GET requests to the renderedFields API endpoint from a single authenticated principal
- Access to rendered template fields for tasks that pass structured JSON to operators
- Rows in the rendered_task_instance_fields table containing plaintext strings matching password, token, secret, or api_key patterns
Detection Strategies
- Audit the Airflow metadata database for rendered_fields entries that contain unredacted credential keywords inside truncated JSON blobs
- Review Airflow webserver access logs for repeated reads of /renderedFields endpoints across multiple DAG runs
- Correlate API authentication events with template field read operations to identify reconnaissance patterns
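An added example of the metadata-database audit listed above, written here for this page and not taken from Airflow; the row shape, the function names and SAMPLE_ROWS are assumptions and constructed data.

```python
import re
from typing import Dict, Iterable, List, Tuple

# Constructed audit helper; not Airflow's code. Row shape and samples are assumed.
SENSITIVE_KEYS = ("password", "token", "secret", "api_key")
MASK = "***"

# A stored blob may be JSON ("password": "x") or a truncated Python repr
# ('password': 'x'), so match a quoted sensitive key in either form and capture
# the value up to the next quote or delimiter (a cut-off value still matches).
_KEY_VALUE = re.compile(
    r"""['"](?P<key>%s)['"]\s*:\s*['"]?(?P<value>[^'",}\]{\[]+)""" % "|".join(SENSITIVE_KEYS),
    re.IGNORECASE,
)

def find_unmasked(blob: str) -> List[Tuple[str, str]]:
    """Return (key, value) pairs in a rendered_fields blob whose value is not the mask."""
    hits = []
    for m in _KEY_VALUE.finditer(blob):
        value = m.group("value").strip()
        if value and value != MASK:
            hits.append((m.group("key").lower(), value))
    return hits

def audit_rows(rows: Iterable[Tuple[str, str, str, str]]) -> List[Dict[str, object]]:
    """rows are (dag_id, task_id, run_id, rendered_fields), e.g. from
    SELECT dag_id, task_id, run_id, rendered_fields FROM rendered_task_instance_fields.
    Findings carry the key and value length only, never the exposed value."""
    findings = []
    for dag_id, task_id, run_id, blob in rows:
        for key, value in find_unmasked(blob):
            findings.append({"dag_id": dag_id, "task_id": task_id, "run_id": run_id,
                             "key": key, "value_len": len(value)})
    return findings

# Constructed rows: one correctly masked JSON blob and one truncated repr that
# went through the oversized-field path unmasked.
SAMPLE_ROWS = [
    ("etl_daily", "load", "manual__2026-06-01T00:00:00",
     '{"sql": "select 1", "conn": {"password": "***"}}'),
    ("etl_daily", "export", "manual__2026-06-01T00:00:00",
     "{'conn': {'host': 'db.example.internal', 'password': 'Hunter2!', 'api_key': 'sk-constructed-"),
]

if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS):
        print(finding)
```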
Monitoring Recommendations
- Enable Airflow audit logging and forward webserver and API logs to a centralized log analytics platform
- Alert on principals that access rendered fields for DAGs outside their normal scope
- Monitor outbound use of credentials that may have been exposed through rendered template fields
How to Mitigate CVE-2026-42360
Immediate Actions Required
- Upgrade apache-airflow to version 3.2.2 or later, even if the deployment was previously patched for CVE-2025-68438
- Review and rotate any credentials that may have been passed through structured JSON templates with nested sensitive keys
- Restrict the can_read permission on rendered template fields to roles that require it
Patch Information
The fix is delivered in apache-airflow 3.2.2. The patch extends the nested sensitive-keyword allowlist to the code path that handles fields exceeding [core] max_templated_field_length, ensuring redaction occurs before stringification. Patch details are available in the Apache Airflow Pull Request 65906.
Workarounds
- Increase [core] max_templated_field_length so that affected templates do not trigger the truncation path, accepting the storage tradeoff
- Avoid passing structured JSON containing nested sensitive keys to operators; resolve secrets at task runtime using Airflow Connections or a secrets backend
- Reduce the user population with read access to rendered template fields through Airflow's role-based access control
# Upgrade Apache Airflow to the patched release
pip install --upgrade "apache-airflow>=3.2.2"
# Verify installed version
airflow version
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.