Severity: low
Affected versions:
- Apache Airflow (apache-airflow) 3.0.0 before 3.2.2
Description:
Exploitation requires the attacker to already be an authenticated Airflow
worker holding a valid Log-server JWT issued for at least one Dag. Apache
Airflow's Log server authorized JWT tokens against Dag IDs by applying Python's
`str.lstrip()` to the requested path segment when verifying the JWT's `sub`
claim. `str.lstrip()` strips any of a *set* of characters from the left (not a
prefix), so a JWT issued for a Dag named e.g. `dag_a` would authorize log
access to any other Dag whose name began with any subset of the characters `{d,
a, g, _}` (e.g. `dag_attacker`, `aaaa_target`, `_dag_secret`). Such an
authenticated worker could enumerate and read worker logs of other Dags whose
names happened to share that character-class prefix, leaking task output and
error traces beyond the documented per-Dag isolation boundary. Affects
deployments relying on per-Dag log-access scoping (multi-team, shared-executor,
shared-worker topologies). Users are advised to upgrade to `apache-airflow`
3.2.2 or later.
Credit:
Michael Lip (theluckystrike) (finder)
Jarek Potiuk (@potiuk) (remediation developer)
References:
https://github.com/apache/airflow/pull/66749
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-45426
