PatchSiren cyber security CVE debrief

CVE-2026-40861 Apache Software Foundation CVE debrief

A path traversal vulnerability in Apache Airflow's FileTaskHandler allows DAG authors to read or overwrite arbitrary files accessible to the API server process. Two attack vectors exist: (a) a symlink placed under the task's log directory pointing to sensitive files like /etc/passwd or airflow.cfg (read-path), and (b) a task_id containing .. sequences that pass the Task SDK's KEY_REGEX validation (write-path). In both cases, the log path resolves outside the configured base_log_folder. The vulnerability only manifests when worker log folders are shared with the API server filesystem. Apache released apache-airflow 3.2.2 to address this issue. The weakness is categorized as CWE-59 (Improper Link Resolution Before File Access, 'Link Following').

Vendor: Apache Software Foundation
Product: Apache Airflow
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-01
Original CVE updated: 2026-06-01
Advisory published: 2026-06-01
Advisory updated: 2026-06-01

Who should care

Organizations running Apache Airflow with shared filesystems between workers and API servers, particularly multi-tenant deployments where DAG authors may be untrusted or partially trusted. Security teams responsible for data pipeline infrastructure and those with compliance requirements around log integrity and filesystem isolation.

Technical summary

The FileTaskHandler in Apache Airflow fails to properly validate and contain log file paths within the configured base_log_folder. Attack vector (a): a DAG author with task execution privileges creates a symbolic link inside their task's log directory targeting any file readable by the API server process, causing log read operations to follow the symlink and expose file contents. Attack vector (b): a DAG author supplies a task_id containing .. sequences that satisfy the Task SDK's KEY_REGEX pattern, causing the FileTaskHandler to construct and write log files to paths outside base_log_folder. Both vectors require that the worker's log directory resides on a filesystem shared with or accessible to the API server. The fix in apache-airflow 3.2.2 adds proper path validation and sanitization to prevent directory traversal and symlink following during log path resolution.

Defensive priority

high

Recommended defensive actions

  • Upgrade to apache-airflow 3.2.2 or later as the primary remediation.
  • Deploy workers and API servers with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem as a defense-in-depth measure.
  • Audit existing DAGs for suspicious symlinks in task log directories or task_id values containing directory traversal sequences.
  • Restrict DAG authoring privileges to trusted users until patching is complete.
  • Monitor for unauthorized file access attempts in API server process audit logs.
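As an added defensive illustration, not Airflow's own code and not the fix shipped in 3.2.2, the Python below shows the two containment checks the technical summary describes the patched handler as needing (rejecting an identifier that carries ".." even when a character-class regex admits it, and refusing to read or write through a symlink or any path that resolves outside base_log_folder), plus a small audit helper for the "Audit existing DAGs" action above. The names IDENT_RE, ident_is_safe, is_within, build_log_path and find_escaping_symlinks, the directory layout, and the sample files are constructed assumptions for this example, not Airflow's.

```python
import os
import re
import tempfile
from pathlib import Path

# Hypothetical identifier pattern standing in for a KEY_REGEX-style check. It permits
# dots, so the value ".." matches it: a character class alone does not stop traversal.
IDENT_RE = re.compile(r"^[A-Za-z0-9_.-]+$")


def ident_is_safe(value: str) -> bool:
    """Character-class check plus an explicit rejection of '..' (the regex admits it)."""
    return bool(IDENT_RE.match(value)) and ".." not in value


def is_within(base: Path, path: Path) -> bool:
    """True when `path` is `base` itself or lies beneath it (compare normalized/resolved paths)."""
    return path == base or base in path.parents


def build_log_path(base_log_folder, dag_id: str, task_id: str, run_id: str, try_number: int) -> Path:
    """Return a log file path guaranteed to stay inside base_log_folder.

    The dag_id=/run_id=/task_id= layout is a constructed one; the checks are the point.
    """
    base = Path(base_log_folder).resolve()
    for name, value in (("dag_id", dag_id), ("task_id", task_id), ("run_id", run_id)):
        if not ident_is_safe(value):
            raise ValueError(f"unsafe {name}: {value!r}")
    candidate = base / f"dag_id={dag_id}" / f"run_id={run_id}" / f"task_id={task_id}" / f"attempt={try_number}.log"
    # Lexical containment (write-path, vector b): cheap insurance on top of the identifier check.
    if not is_within(base, Path(os.path.normpath(candidate))):
        raise PermissionError(f"log path escapes base folder: {candidate}")
    # Link-following check (CWE-59, vector a): refuse if any existing component under base,
    # including the log file itself, is a symlink.
    current = base
    for part in candidate.relative_to(base).parts:
        current = current / part
        if current.is_symlink():
            raise PermissionError(f"symlink in log path: {current}")
    # Physical containment after resolving whatever already exists on disk.
    if not is_within(base, candidate.resolve()):
        raise PermissionError(f"resolved log path escapes base folder: {candidate}")
    return candidate


def find_escaping_symlinks(base_log_folder) -> list:
    """Audit helper: list (link, target) pairs for symlinks under the log tree that point outside it."""
    base = Path(base_log_folder).resolve()
    findings = []
    for root, dirs, files in os.walk(base):  # followlinks=False: symlinked dirs are not descended
        for name in dirs + files:
            link = Path(root) / name
            if link.is_symlink():
                target = link.resolve()
                if not is_within(base, target):
                    findings.append((str(link), str(target)))
    return findings


def demo() -> dict:
    """Build a constructed log tree in a temp dir and exercise both checks; returns the outcomes."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp_path = Path(tmp).resolve()
        base = tmp_path / "logs"
        secret = tmp_path / "airflow.cfg"  # constructed stand-in for a file outside base_log_folder
        secret.write_text("[core]\nfernet_key = constructed-example-value\n")
        task_dir = base / "dag_id=etl" / "run_id=manual__1" / "task_id=extract"
        task_dir.mkdir(parents=True)
        # Vector (a) as it would look on disk: a symlink in the task's log directory pointing outside.
        (task_dir / "attempt=1.log").symlink_to(secret)

        results = {}
        results["honest_path_ok"] = is_within(base, build_log_path(base, "etl", "transform", "manual__1", 1))
        try:
            build_log_path(base, "etl", "..", "manual__1", 1)  # matches IDENT_RE, rejected anyway
            results["traversal_blocked"] = False
        except ValueError:
            results["traversal_blocked"] = True
        try:
            build_log_path(base, "etl", "extract", "manual__1", 1)  # would read through the symlink
            results["symlink_blocked"] = False
        except PermissionError:
            results["symlink_blocked"] = True
        escapes = find_escaping_symlinks(base)
        results["audit_findings"] = len(escapes)
        results["audit_target_is_secret"] = bool(escapes) and escapes[0][1] == str(secret)
        return results


if __name__ == "__main__":
    print(demo())
```

The symlink walk checks every component rather than only the final file because a directory-level link above the log file escapes the tree just as effectively; the audit helper leaves os.walk's default of not following links in place so that a planted directory link cannot pull the scan outside base_log_folder either.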

Evidence notes

CVE description confirms two attack paths (symlink read-path and task_id traversal write-path) both escaping base_log_folder. Source references include Apache security advisory mailing list thread and GitHub pull request 65325. CPE criteria not yet populated in NVD record (vulnStatus: Received). Vendor attribution to Apache based on reference_domain_candidate evidence and product name apache-airflow in description, though vendor field shows low-confidence 'Unknown Vendor' requiring review.
