{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-13T09:31:18.721","vulnerabilities":[{"cve":{"id":"CVE-2026-30911","sourceIdentifier":"security@apache.org","published":"2026-03-17T11:16:11.940","lastModified":"2026-03-17T17:32:57.580","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Airflow versions 3.1.0 through 3.1.7 contain a missing authorization vulnerability in the Execution API's Human-in-the-Loop (HITL) endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance.\n\n\nUsers are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue."},{"lang":"es","value":"Vulnerabilidad por falta de autorización en las versiones de Apache Airflow 3.1.0 a 3.1.7 en los endpoints Human-in-the-Loop (HITL) de la API de Ejecución que permite a cualquier instancia de tarea autenticada leer, aprobar o rechazar flujos de trabajo HITL pertenecientes a cualquier otra instancia de tarea.\n\nSe recomienda a los usuarios actualizar a Apache Airflow 3.1.8 o posterior, lo que resuelve este problema."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@apache.org","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*","versionStartIncluding":"3.1.0","versionEndExcluding":"3.1.8","matchCriteriaId":"58CF9626-1125-48AE-A21E-476602618C14"}]}]}],"references":[{"url":"https://github.com/apache/airflow/pull/62886","source":"security@apache.org","tags":["Issue Tracking","Patch"]},{"url":"https://lists.apache.org/thread/1rs2v7fcko2otl6n9ytthcj87cmsgx51","source":"security@apache.org","tags":["Mailing List","Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/03/17/2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]}]}}]}