{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T15:43:33.056","vulnerabilities":[{"cve":{"id":"CVE-2026-28779","sourceIdentifier":"security@apache.org","published":"2026-03-17T11:16:11.790","lastModified":"2026-03-17T17:42:17.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow versions 3.1.0 through 3.1.7 session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url.\nThis allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itself.\n\nUsers are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue."},{"lang":"es","value":"El token de sesión (_token) en las cookies de las versiones de Apache Airflow 3.1.0 a 3.1.7 se establece en path=/ independientemente de la base_url configurada para [webserver] o [api].\nEsto permite a cualquier aplicación co-alojada bajo el mismo dominio capturar tokens de sesión de Airflow válidos de los encabezados de las solicitudes HTTP, lo que permite una toma de control completa de la sesión sin atacar a Airflow directamente.\n\nSe recomienda a los usuarios actualizar a Apache Airflow 3.1.8 o posterior, lo que resuelve este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-668"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","versionStartIncluding":"3.0.0","versionEndExcluding":"3.1.8","matchCriteriaId":"A355B3D5-BAA7-4680-879B-55D6E3D52D68"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/62771","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/r4n5znb8mcq14wo9v8ndml36nxlksdqb","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/17/3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}