{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T23:31:37.957","vulnerabilities":[{"cve":{"id":"CVE-2025-68438","sourceIdentifier":"security@apache.org","published":"2026-01-16T11:16:03.760","lastModified":"2026-01-21T13:44:43.577","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include user-registered mask_secret() patterns, so secrets were not reliably masked before truncation and display.\n\nUsers are recommended to upgrade to 3.1.6 or later, which fixes this issue"},{"lang":"es","value":"En versiones de Apache Airflow anteriores a la 3.1.6, cuando los campos de plantilla renderizados en un DAG exceden [core] max_templated_field_length, valores sensibles podrían quedar expuestos en texto claro en la interfaz de usuario de Plantillas Renderizadas. Esto ocurrió porque la serialización de esos campos utilizaba una instancia de enmascarador de secretos que no incluía patrones mask_secret() registrados por el usuario, por lo que los secretos no se enmascaraban de forma fiable antes de la truncación y visualización.\n\nSe recomienda a los usuarios actualizar a la 3.1.6 o posterior, lo que corrige este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.6","matchCriteriaId":"3200C37B-AA6B-4DDC-9CFB-93D59243BF2A"}]}]}],"references":[{"url":"https://lists.apache.org/thread/55n7b4nlsz3vo5n4h5lrj9bfsk8ctyff","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/01/15/5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}