Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-48892

CVE-2026-48892: Apache Airflow Information Disclosure Flaw

CVE-2026-48892 is an information disclosure vulnerability in Apache Airflow that exposes plaintext secrets-backend credentials through the Config API. This post covers technical details, affected versions, and mitigation.

Published:

CVE-2026-48892 Overview

CVE-2026-48892 is an information disclosure vulnerability [CWE-200] in Apache Airflow's Config API. The Config API surfaced per-key secrets-backend overrides such as AIRFLOW__SECRETS__BACKEND_KWARG__SECRET_ID and AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__SECRET_ID as synthetic configuration options. Because the resulting option names were not listed in sensitive_config_values, the masker did not redact them. An authenticated user with Config read permission could retrieve plaintext secrets-backend credentials, including HashiCorp Vault role_id and secret_id values. The issue affects deployments that configure secrets backends via per-key environment overrides.

Critical Impact

Authenticated users with Config read access can retrieve plaintext secrets-backend credentials through the Config API, enabling access to downstream secret stores such as HashiCorp Vault.

Affected Products

  • Apache Airflow versions prior to 3.3.0
  • Deployments configuring secrets backends via per-key environment variable overrides
  • Installations exposing the Config API to authenticated UI or API users with Config read permission

Discovery Timeline

  • 2026-07-07 - CVE-2026-48892 published to NVD
  • 2026-07-09 - Last updated in NVD database

Technical Details for CVE-2026-48892

Vulnerability Analysis

Apache Airflow supports configuring secrets backends through environment variables prefixed with AIRFLOW__SECRETS__BACKEND_KWARGS__* and AIRFLOW__WORKERS__SECRETS_BACKEND_KWARG__*. These per-key overrides allow operators to inject Vault credentials, AWS keys, or other backend parameters without embedding them in airflow.cfg.

The Config API in affected versions materialized these environment overrides as synthetic configuration entries. Airflow's masking logic redacts values only when the option name appears in the sensitive_config_values list. The synthetic option names generated from per-key overrides did not match any entry in that list, so the masker returned the credentials in cleartext.

Any authenticated user with the can_read permission on the Config resource could query the Config API and receive plaintext secrets. This exposure defeats the security boundary that secrets backends are designed to enforce.

Root Cause

The root cause is an incomplete allow-list in the redaction logic. The sensitive_config_values set did not account for the dynamic option names produced when parsing per-key BACKEND_KWARG environment variables. See the GitHub Pull Request for the corrective changes.

Attack Vector

An attacker with valid Airflow credentials and Config read permission sends an authenticated request to the Config API endpoint. The API response includes the synthesized secrets-backend option names with unredacted values, allowing the attacker to harvest Vault role_id, secret_id, or equivalent credentials for other backends.

The vulnerability mechanism is described in prose because no verified proof-of-concept code is available. See the Apache Mailing List Discussion for advisory details.

Detection Methods for CVE-2026-48892

Indicators of Compromise

  • Config API requests from user accounts that do not routinely access /api/v1/config or /api/v2/config
  • Access log entries showing successful Config API reads followed by authentication activity against Vault, AWS Secrets Manager, or other configured backends
  • Unexpected use of role_id or secret_id values from source IPs outside the Airflow control plane

Detection Strategies

  • Audit Airflow webserver and API access logs for reads against Config endpoints, correlated with user roles and permission grants
  • Alert on any Config API response containing strings matching BACKEND_KWARG option names to identify vulnerable deployments
  • Review Vault and cloud secrets backend audit logs for authentications originating from unexpected principals or hosts

Monitoring Recommendations

  • Enable and forward Airflow audit logs to a centralized logging platform for retention and correlation
  • Monitor role and permission changes that grant Config read access to non-administrative users
  • Track secrets backend authentication metrics for baseline deviations after suspected exposure

How to Mitigate CVE-2026-48892

Immediate Actions Required

  • Upgrade Apache Airflow to version 3.3.0 or later, which removes the synthetic options from Config API output
  • Restrict Config read permission to administrative roles only until upgrade is complete
  • Rotate all secrets-backend credentials, including Vault role_id and secret_id, that were configured via per-key environment overrides on affected deployments
  • Review historical Config API access logs to identify potential prior exposure

Patch Information

Apache released the fix in apache-airflow 3.3.0. The corresponding code change is documented in the GitHub Pull Request. Additional advisory context is available on the Openwall OSS-Security Update.

Workarounds

  • Configure secrets backends using the [secrets] backend_kwargs JSON blob in airflow.cfg instead of per-key environment overrides
  • Remove Config read permission from all non-administrative roles in the Airflow RBAC configuration
  • Disable the Config API by setting expose_config = False in the [webserver] section of airflow.cfg
bash
# Disable Config API exposure in airflow.cfg
[webserver]
expose_config = False

# Or restrict to admin only
expose_config = non-sensitive-only

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.