CVE-2026-24098

{"id": "CVE-2026-24098", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2026-02-09T11:16:14.660", "references": [{"url": "https://github.com/apache/airflow/pull/60801", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x", "tags": ["Mailing List", "Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2026/02/09/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Apache Airflow versions before 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. \n\nUsers are advised to upgrade to 3.1.7 or later, which resolves this issue"}], "lastModified": "2026-02-11T18:30:27.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B2AF70A-E823-4086-9F3C-B5A9358EF52E", "versionEndExcluding": "3.1.7"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}