QwikSec

Security Database

CVE

CWE

Training

CVE-2026-40690

Published: Apr 24, 2026

Modified: Apr 24, 2026

PUBLISHED

Description

The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope. Users are recommended to upgrade to version 3.2.1, which fixes this issue.

Vendor	Product	Versions
Apache Software Foundation	Apache Airflow	affected `0 - < 3.2.1`

Weaknesses (CWE)

References

https://github.com/apache/airflow/pull/65273

patch

https://lists.apache.org/thread/bqt7y4g2cpj396b0sd20lv510ff19ndl

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.