CVE 8.7 HIGH

Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments_CVE-2026-27173

May 19, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

Description

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.

AI Analysis

Exposure of JWT tokens in KubernetesExecutor command-line arguments, allowing read-only users to perform actions and potentially modify Airflow Database state

Basic Information

ID CVE-2026-27173

Source apache

Published May 19, 2026 at 19:19

Modified May 19, 2026 at 19:57

Affected Product

Vendor Apache Software Foundation

Product Apache Airflow CNCF Kubernetes provider

Affected Versions Apache Software Foundation Apache Airflow CNCF Kubernetes provider 0

CWE Classification

CWE-538

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Apache Software Foundation

Product Apache Airflow CNCF Kubernetes provider

References

{
    "lastseen": "",
    "description": "JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.",
    "published": "2026-05-19T19:19:00.266Z",
    "modified": "2026-05-19T19:57:11.716Z",
    "type": "cve",
    "title": "Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments",
    "source": "apache",
    "references": "https://github.com/apache/airflow/pull/60108\nhttps://lists.apache.org/thread/pk3m2z4s2rkmc0v6gh9hnch9spc6stqw",
    "id": "CVE-2026-27173",
    "bulletinFamily": "",
    "cwe": [
        "CWE-538"
    ],
    "cvelist": null,
    "sourceData": "Apache Software Foundation Apache Airflow CNCF Kubernetes provider 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Apache Airflow CNCF Kubernetes provider",
    "version": "0",
    "vendor": "Apache Software Foundation",
    "ai_description": "Exposure of JWT tokens in KubernetesExecutor command-line arguments, allowing read-only users to perform actions and potentially modify Airflow Database state",
    "ai_severity": "High",
    "ai_vendor": "Apache Software Foundation",
    "ai_product": "Apache Airflow CNCF Kubernetes provider",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply