CVE-2026-25917
Published: 18 April 2026
Summary
CVE-2026-25917 is a high-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Apache Airflow. Its CVSS base score is 7.2 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It is ranked at the 9.2 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations identified in this analysis are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) [AI-generated]
- SI-2 (Flaw Remediation): directly mitigates the deserialization vulnerability by remediating the specific flaw through the vendor-recommended upgrade to Apache Airflow 3.2.0.
- SI-10 (Information Input Validation): prevents arbitrary code execution by validating and sanitizing crafted XCom payloads before they are deserialized in the webserver.
- Runtime memory protections that mitigate exploitation of the deserialization vulnerability leading to remote code execution.
MITRE ATT&CK Enterprise Techniques [AI-generated]
Why these techniques?
The deserialization flaw in the Airflow webserver directly enables remote arbitrary code execution by authenticated Dag Authors, mapping to exploitation of a public-facing application (T1190) and to exploitation for privilege escalation beyond the intended trust boundaries (T1068).
NVD Description
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
Deeper analysis [AI-generated]
CVE-2026-25917 is a deserialization vulnerability (CWE-502) in Apache Airflow prior to version 3.2.0, where Dag Authors, who are not intended to execute code in the webserver context, can craft malicious XCom payloads that trigger arbitrary code execution on the webserver. The issue stems from improper handling of these payloads when the webserver deserializes them, allowing an already-trusted role to act beyond its intended boundary. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), rated High despite the vendor's assessment of Low severity, which rests on the inherent trust placed in Dag Authors.
The vulnerability can be exploited by authenticated Dag Authors (requiring high privileges, PR:H), who have network access to the Airflow webserver. By crafting and pushing a specially designed XCom payload, an attacker achieves remote arbitrary code execution in the webserver's context, potentially compromising confidentiality, integrity, and availability with high impact (C:H/I:H/A:H) across the affected system.
Apache Airflow advisories recommend upgrading to version 3.2.0, which resolves the issue. Relevant discussions and patches are detailed in the GitHub pull request at https://github.com/apache/airflow/pull/61641, the Apache mailing list thread at https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po, and the OSS-Security announcement at http://www.openwall.com/lists/oss-security/2026/04/17/9.
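The advisory gives a single remediation: run Apache Airflow 3.2.0 or later. The following Python helper, added here as an illustration and not taken from the page or from the Apache Airflow project, turns that statement into an auditable check that a fleet-inventory script can run against reported Airflow version strings. It assumes only that versions follow the usual dotted numeric form with optional pre-release suffixes (such as rc, beta or dev), and it treats a pre-release of 3.2.0 as still affected because it predates the fixed release; the optional `installed_airflow_version()` lookup is an assumption about the presence of the `airflow` package and returns `None` when it is not importable.

```python
import re
from typing import Optional, Tuple

# Fixed version named in the advisory for CVE-2026-25917.
FIXED_VERSION = "3.2.0"

# Suffixes that mark a build as preceding the plain release it is named after.
_PRERELEASE = re.compile(r"^[.\-]?(a|b|rc|alpha|beta|dev|pre)", re.IGNORECASE)


def parse_version(version: str) -> Tuple[Tuple[int, ...], bool]:
    """Split a version string into (numeric components, is_prerelease).

    '3.2.0rc1' -> ((3, 2, 0), True); '3.1.5' -> ((3, 1, 5), False).
    Post-release markers such as '.post1' are not pre-releases.
    """
    match = re.match(r"^\s*v?(\d+(?:\.\d+)*)(.*)$", version)
    if not match:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    suffix = match.group(2).strip()
    return numbers, bool(_PRERELEASE.match(suffix))


def is_affected(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` is prior to `fixed`, i.e. within the affected range."""
    inst_nums, inst_pre = parse_version(installed)
    fixed_nums, _ = parse_version(fixed)
    # Pad to equal length so '3.2' compares as '3.2.0'.
    width = max(len(inst_nums), len(fixed_nums))
    inst_nums += (0,) * (width - len(inst_nums))
    fixed_nums += (0,) * (width - len(fixed_nums))
    if inst_nums < fixed_nums:
        return True
    # A pre-release of the fixed version itself still predates the fix.
    return inst_nums == fixed_nums and inst_pre


def installed_airflow_version() -> Optional[str]:
    """Return the locally installed Airflow version, or None if not importable (assumed lookup)."""
    try:
        import airflow  # type: ignore
    except ImportError:
        return None
    return getattr(airflow, "__version__", None)


def report(versions: dict) -> dict:
    """Map host name -> 'AFFECTED' / 'fixed' for a constructed inventory of version strings."""
    return {host: ("AFFECTED" if is_affected(v) else "fixed") for host, v in versions.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"sched-01": "2.10.4", "web-01": "3.1.5", "web-02": "3.2.0rc1", "web-03": "3.2.0"}
    for host, status in report(sample).items():
        print(f"{host}: {status}")
    local = installed_airflow_version()
    if local is not None:
        print(f"local airflow {local}: {'AFFECTED' if is_affected(local) else 'fixed'}")
```

Feed the check the version strings your inventory already collects (for example from the Airflow API or the scheduler's banner) and treat any `AFFECTED` result as an SI-2 finding to be closed by the 3.2.0 upgrade.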
Details
- CWE(s)