{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T16:40:33.819","vulnerabilities":[{"cve":{"id":"CVE-2026-24098","sourceIdentifier":"security@apache.org","published":"2026-02-09T11:16:14.660","lastModified":"2026-03-11T13:51:59.417","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. \n\nUsers are advised to upgrade to 3.1.7 or later, which resolves this issue"},{"lang":"es","value":"Apache Airflow versiones anteriores a la 3.1.7, tiene una vulnerabilidad que permite a los usuarios autenticados de la interfaz de usuario (UI) con permiso para uno o más DAGs específicos ver errores de importación generados por otros DAGs a los que no tenían acceso.\n\nSe aconseja a los usuarios actualizar a la versión 3.1.7 o posterior, lo que resuelve este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.7","matchCriteriaId":"4C0114E8-30C3-477B-9AA9-2B388731C60A"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/60801","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/02/09/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}