CVE-2026-45426 Overview
CVE-2026-45426 is an authorization flaw in the Apache Airflow Log server. The component validates JSON Web Token (JWT) sub claims against requested Dag identifiers using Python's str.lstrip() method. Because str.lstrip() removes any character in a supplied set rather than a literal prefix, the check permits cross-Dag log access. An authenticated worker holding a JWT issued for one Dag can read worker logs of other Dags whose names share characters with the original Dag name. The flaw maps to [CWE-863: Incorrect Authorization]. Apache Airflow versions prior to 3.2.2 are affected.
Critical Impact
An authenticated Airflow worker can bypass per-Dag log isolation and enumerate task output and error traces from unrelated Dags in multi-team or shared-executor deployments.
Affected Products
- Apache Airflow versions prior to 3.2.2
- Deployments relying on per-Dag log-access scoping
- Multi-team, shared-executor, and shared-worker Airflow topologies
Discovery Timeline
- 2026-06-01 - CVE-2026-45426 published to the National Vulnerability Database
- 2026-06-01 - Last updated in NVD database
Technical Details for CVE-2026-45426
Vulnerability Analysis
The Apache Airflow Log server issues JWTs scoped to a specific Dag through the sub claim. When a worker requests logs, the server compares the requested Dag identifier against the token's sub value. The comparison uses str.lstrip(sub) against the request path segment, which Python interprets as a character-set strip rather than a literal prefix check.
This logic flaw allows the JWT to authorize access to any Dag whose name begins with characters that appear in the original Dag name. A token issued for dag_a would satisfy the check for Dag names such as dag_attacker, aaaa_target, or _dag_secret, because every leading character of those names is contained in the set {d, a, g, _}.
The flaw breaks the documented per-Dag isolation boundary. Successful exploitation leaks task output, stack traces, and error messages that may contain credentials, query parameters, or internal hostnames.
Root Cause
The root cause is misuse of str.lstrip() for prefix validation. The method strips any character in the argument from the left side of the string, not a literal prefix. The authorization routine treats a non-empty stripped result as a match, producing an overly permissive comparison.
Attack Vector
Exploitation requires an attacker who is already an authenticated Airflow worker and possesses a valid Log-server JWT issued for at least one Dag. The attacker enumerates Dag identifiers whose names share leading characters with the authorized Dag, then requests log endpoints using the existing JWT. The Log server returns log data for any matching Dag, enabling cross-tenant information disclosure within a shared Airflow deployment.
No verified public proof-of-concept code is available. See the Apache Mailing List Discussion and the GitHub Pull Request for the upstream patch describing the corrected comparison logic.
Detection Methods for CVE-2026-45426
Indicators of Compromise
- Log server access entries where the requesting worker's JWT sub claim does not exactly match the requested Dag identifier.
- Repeated Log server requests from a single worker iterating across many Dag names that share leading characters.
- Unexpected 200 responses to log endpoints for Dags the requesting worker is not assigned to execute.
Detection Strategies
- Audit Log server access logs and correlate the JWT sub claim against the Dag identifier in each request URI; flag any mismatch.
- Compare worker-to-Dag assignment data from the scheduler against actual log retrieval activity to surface unauthorized reads.
- Deploy alerting on Airflow Log server 200-OK responses preceded by enumeration patterns across similarly named Dag IDs.
Monitoring Recommendations
- Forward Airflow webserver, scheduler, and Log server access logs to a centralized analytics platform for retention and query.
- Monitor the Airflow apache-airflow package version across all nodes and alert when any host runs a version below 3.2.2.
- Track outbound network connections from worker nodes for unexpected data egress that may follow log harvesting.
How to Mitigate CVE-2026-45426
Immediate Actions Required
- Upgrade apache-airflow to version 3.2.2 or later across schedulers, webservers, and worker nodes.
- Rotate all active Log-server JWT signing keys to invalidate tokens issued before the upgrade.
- Review historical Log server access records for evidence of cross-Dag log retrieval and notify affected teams if leakage is confirmed.
Patch Information
The upstream fix replaces the str.lstrip() comparison with an exact Dag identifier match. The change is documented in the GitHub Pull Request 66749 and announced in the Apache project mailing list. Apply the patch by upgrading to apache-airflow 3.2.2 or any later release that includes the corrected authorization check.
Workarounds
- Restrict Log server network exposure to a trusted management subnet until the upgrade is complete.
- Where feasible, enforce strict naming conventions that minimize character overlap between Dag identifiers across tenant boundaries.
- Reduce JWT lifetimes and require frequent re-issuance to limit the window during which a misused token remains valid.
# Configuration example
pip install --upgrade "apache-airflow>=3.2.2"
airflow db check
systemctl restart airflow-webserver airflow-scheduler airflow-worker
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
