PatchSiren cyber security CVE debrief

CVE-2026-41084 Apache Software Foundation CVE debrief

A CWE-639 authorization bypass in Apache Airflow's bulk Task Instances API allows authenticated users with edit permission on one DAG to mutate Task Instance state in any other DAG. The vulnerability exists because the `PATCH` and `DELETE` handlers for `/api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances` evaluate authorization against the `dag_id` in the URL path while applying mutations to the `dag_id` and `dag_run_id` values carried by each entity in the request body. An attacker can keep an authorized DAG's ID in the URL path while naming a different DAG and DAG run in the body entities, thereby bypassing per-DAG access controls. This affects deployments that rely on per-DAG edit scopes to isolate Task Instance state between teams. The vulnerability was disclosed on 2026-06-01. Users should upgrade to `apache-airflow` 3.2.2 or later.

Vendor: Apache Software Foundation
Product: Apache Airflow
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-01
Original CVE updated: 2026-06-01
Advisory published: 2026-06-01
Advisory updated: 2026-06-01

Who should care

Organizations running Apache Airflow with per-DAG permission scoping for team isolation, particularly those using the REST API for bulk Task Instance operations in automated workflows or custom tooling.

Technical summary

The bulk Task Instances API endpoints (`PATCH` and `DELETE`) for `/api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances` contain an authorization bypass where the permission check is performed against the `dag_id` from the URL path parameter, but the actual bulk mutation operations are executed against `dag_id` and `dag_run_id` values parsed from individual entities within the request body. This identifier mismatch enables an authenticated attacker with edit permissions on any single DAG to construct requests that pass authorization (using an allowed DAG in the URL) while targeting arbitrary DAGs and DAG runs by embedding their identifiers in the request body entities. The vulnerability undermines per-DAG access control boundaries in multi-tenant or multi-team Airflow deployments.

Defensive priority

high

Recommended defensive actions

  • Upgrade to apache-airflow 3.2.2 or later to remediate this authorization bypass
  • Audit Task Instance state changes in multi-team deployments that rely on per-DAG edit scopes for isolation
  • Review access logs for bulk Task Instances API calls where URL path dag_id differs from body entity dag_id values
  • Validate that authorization checks in custom API endpoints consistently use the same entity identifiers for both permission evaluation and operation execution
  • Apply principle of least privilege for DAG-level permissions and monitor for anomalous cross-DAG Task Instance mutations
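As an added illustration of the path/body identifier mismatch from the technical summary and of the log-review action above (this is a simplified model written for this debrief, not Airflow's own code; the function names, the entity class and the `can_edit_dag` callback are hypothetical):

```python
# Hypothetical model of the pattern in this debrief; not Airflow's own code.
from dataclasses import dataclass


class AuthorizationError(Exception):
    """Raised when a request is rejected before any mutation is applied."""


@dataclass(frozen=True)
class TaskInstanceEntity:
    dag_id: str
    dag_run_id: str
    task_id: str
    new_state: str


def vulnerable_bulk_patch(path_dag_id, path_dag_run_id, entities, can_edit_dag):
    """CWE-639 shape: authorize on the path, mutate on the body entities."""
    if not can_edit_dag(path_dag_id):
        raise AuthorizationError(path_dag_id)
    # The path identifiers are never reconciled with the entity identifiers,
    # so each entity is applied wherever its own dag_id/dag_run_id point.
    return [(e.dag_id, e.dag_run_id, e.task_id, e.new_state) for e in entities]


def hardened_bulk_patch(path_dag_id, path_dag_run_id, entities, can_edit_dag):
    """Fixed shape: only the identifiers that passed authorization are mutated."""
    if not can_edit_dag(path_dag_id):
        raise AuthorizationError(path_dag_id)
    entities = list(entities)
    # Validate the whole batch before applying anything, so one bad entity
    # rejects the request atomically instead of after partial mutation.
    for e in entities:
        if (e.dag_id, e.dag_run_id) != (path_dag_id, path_dag_run_id):
            raise AuthorizationError(
                f"entity {e.task_id!r} targets {e.dag_id}/{e.dag_run_id}, "
                f"but the path only authorizes {path_dag_id}/{path_dag_run_id}")
    return [(path_dag_id, path_dag_run_id, e.task_id, e.new_state) for e in entities]


def find_cross_dag_requests(requests):
    """Audit helper for the log review above: flag requests whose body
    entities name a DAG other than the one in the URL path.
    Each request is a dict with 'path_dag_id' and 'entities' (constructed)."""
    return [r for r in requests
            if any(e.dag_id != r["path_dag_id"] for e in r["entities"])]
```

The audit helper only works where the request bodies were retained (for example by an API gateway or proxy), since plain access logs record the URL path but not the entity identifiers.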

Evidence notes

Authorization check uses URL path `dag_id`; mutation uses body entity `dag_id`/`dag_run_id`. CWE-639 (Authorization Bypass Through User-Controlled Key) identified by Apache security team. Fix available in apache-airflow 3.2.2 per vendor advisory.

Official resources

2026-06-01