QwikSec

Security Database

CVE

CWE

Training

CVE-2026-22922

Published: Feb 9, 2026

Modified: Feb 9, 2026

PUBLISHED

Description

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Airflow	affected `3.1.0 - < 3.1.7`

Weaknesses (CWE)

References

https://github.com/apache/airflow/pull/60412

patch

https://lists.apache.org/thread/gdb7vffhpmrj5hp1j0oj1j13o4vmsq40

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.