CVE-2026-27173
EUVD-2026-3097719.05.2026, 20:16
JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| apache | apache-airflow-providers-cncf-kubernetes | 𝑥 < 10.17.0 |
𝑥
= Vulnerable software versions