Apache Airflow is a platform to programmatically author, schedule, and monitor workflows.

Apache Airflow

Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

MinimOS is a minimalist operating system designed for simplicity and efficiency. It aims to provide only essential functionalities, making it lightweight and suitable for resource-constrained environments. MinimOS is often used in embedded systems or as a base for custom operating system development.

MinimOS

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned.


Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-30911	HIGH	8.1	Apache Airflow	apache-airflow	No	Yes	Mar 17, 2026
CVE-2026-28779	HIGH	7.5	Apache Airflow	apache-airflow	No	Yes	Mar 17, 2026
CVE-2026-26929	MEDIUM	6.5	Apache Airflow	airflow	No	Yes	Mar 17, 2026
CVE-2025-27555	MEDIUM	6.5	Apache Airflow	airflow-core-2	No	Yes	Feb 24, 2026
CVE-2026-28563	MEDIUM	4.3	Apache Airflow	apache-airflow	No	Yes	Mar 17, 2026

CVE-2026-26929:
Apache Airflow vulnerability analysis and mitigation

6.5

Related Apache Airflow vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-26929: Apache Airflow vulnerability analysis and mitigation