Apache Airflow: Exposing stack trace in case of constraint error

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.

Basic Information

ID CVE-2026-30912

Source apache

Published Apr 18, 2026 at 06:20

Modified Apr 20, 2026 at 16:26

Affected Product

Vendor Apache Software Foundation

Product Apache Airflow

Affected Versions Apache Software Foundation Apache Airflow 0

CWE Classification

CWE-668

References

{
    "lastseen": "",
    "description": "In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.",
    "published": "2026-04-18T06:20:30.254Z",
    "modified": "2026-04-20T16:26:07.128Z",
    "type": "cve",
    "title": "Apache Airflow: Exposing stack trace in case of constraint error",
    "source": "apache",
    "references": "https://github.com/apache/airflow/pull/63028\nhttps://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9",
    "id": "CVE-2026-30912",
    "bulletinFamily": "",
    "cwe": [
        "CWE-668"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Airflow 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Airflow",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Apache Airflow: Exposing stack trace in case of constraint error_CVE-2026-30912