QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-69219

Back to search

CVE-2025-69219

Published: Mar 9, 2026

Modified: Mar 10, 2026

PUBLISHED

Description

A user with access to the DB could craft a database entry that would result in executing code on Triggerer - which gives anyone who have access to DB the same permissions as Dag Author. Since direct DB access is not usual and recommended for Airflow, the likelihood of it making any damage is low. You should upgrade to version 6.0.0 of the provider to avoid even that risk.

VendorProductVersions

Apache Software Foundation

Apache Airflow Providers Http

affected
5.1.0 - < 6.0.0

Weaknesses (CWE)

CWE-913

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now