Cyber Resilience

CVE-2026-25917

Severity: High · RCE
Published: 18 April 2026
Modified: 22 April 2026
KEV: not listed
Patch: available
CVSS v3.1 score: 7.2 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
EPSS score: 0.0005 (16.1th percentile)
Risk priority: 14 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-25917 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Apache Airflow. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). Its EPSS score places it at the 16.1th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-25917 is a deserialization vulnerability (CWE-502) in Apache Airflow prior to version 3.2.0. Dag Authors, who are not intended to execute code in the webserver context, can craft malicious XCom payloads that trigger arbitrary code execution on the webserver. The issue stems from improper handling of these payloads when the webserver deserializes them, allowing already-trusted users to act beyond their intended privilege boundary. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), rated High, whereas the vendor rates the severity Low because Dag Authors are already highly trusted.

The vulnerability can be exploited by authenticated Dag Authors (a high-privilege role, hence PR:H) with network access to the Airflow webserver. By pushing a specially crafted XCom payload, such a user achieves arbitrary code execution in the webserver's context, with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) of the affected system.

Apache Airflow advisories recommend upgrading to version 3.2.0, which resolves the issue. Relevant discussions and patches are detailed in the GitHub pull request at https://github.com/apache/airflow/pull/61641, the Apache mailing list thread at https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po, and the OSS-Security announcement at http://www.openwall.com/lists/oss-security/2026/04/17/9.


Vulnerability details

Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1068 Exploitation for Privilege Escalation (Privilege Escalation): Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

The deserialization flaw in the Airflow webserver directly enables arbitrary code execution by authenticated Dag Authors, which maps to exploitation of a public-facing application (T1190) and to privilege escalation beyond the intended boundary of that role (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2026-33858 (same product: Apache Airflow)
- CVE-2026-42359 (same product: Apache Airflow)
- CVE-2026-45360 (same product: Apache Airflow)
- CVE-2024-56373 (same product: Apache Airflow)
- CVE-2026-41084 (same product: Apache Airflow)
- CVE-2025-66236 (same product: Apache Airflow)
- CVE-2026-40961 (same product: Apache Airflow)
- CVE-2026-32228 (same product: Apache Airflow)
- CVE-2026-30912 (same product: Apache Airflow)
- CVE-2026-30898 (same product: Apache Airflow)

Affected Assets

apache / airflow: versions prior to 3.2.0 (fixed in 3.2.0)

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- SI-2 Flaw Remediation (prevent): Directly mitigates the deserialization vulnerability by remediating the specific flaw through the vendor-recommended upgrade to Apache Airflow 3.2.0.
- SI-10 Information Input Validation (prevent): Prevents arbitrary code execution by validating and sanitizing XCom payloads before the webserver deserializes them.
- Memory Protection (prevent; the record does not name the control ID, which in NIST 800-53 r5 is SI-16): Provides runtime memory protections that mitigate exploitation of the deserialization vulnerability leading to remote code execution. Note that Airflow is a Python application and CWE-502 deserialization flaws do not rely on memory corruption, so this control offers at most defence in depth here; the upgrade and input validation are the controls that address the flaw.
