CVE-2026-45360

EUVD-2026-33587

01.06.2026, 09:16

Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
apache	CNA	UNKNOWN				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
apache	airflow	𝑥 < 3.2.2	CNA

Common Weakness Enumeration

CWE-502 - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Vulnerability Media Exposure

[GERMAN] Apache Airflow: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Apache Airflow ausnutzen, um beliebigen Programmcode auszuführen, um Informationen offenzulegen, um Dateien zu manipulieren, und um Sicherheitsvorkehrungen zu umgehen.
Published: 2026-05-31T22:00:00+00:00

References

https://github.com/apache/airflow/pull/66737

https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83

http://www.openwall.com/lists/oss-security/2026/05/31/12