PatchSiren cyber security CVE debrief
CVE-2026-42359 Apache Software Foundation CVE debrief
A fix-bypass vulnerability in Apache Airflow's XCom PATCH endpoint allows authenticated users with XCom write permissions to set reserved key names (e.g., `return_value`) that were blocked in the POST endpoint by the `FORBIDDEN_XCOM_KEYS` validator added in CVE-2026-33858. The PATCH endpoint's missing validation, combined with acceptance of serialized payload shapes that the triggerer's deserializer treats as code, enables remote code execution on the triggerer when an affected task next defers. This affects deployments where untrusted users hold XCom write permissions on DAGs that defer to the triggerer. Users who applied the CVE-2026-33858 fix must additionally upgrade to `apache-airflow` 3.2.2 or later to close this bypass.
- Vendor: Apache Software Foundation
- Product: Apache Airflow
- CVSS: Unknown
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-01
- Original CVE updated: 2026-06-01
- Advisory published: 2026-06-01
- Advisory updated: 2026-06-01
Who should care
Organizations running Apache Airflow 3.x deployments with multi-tenant or untrusted user access, particularly those using deferred tasks and the triggerer component. Security teams responsible for supply chain and data pipeline security should prioritize this fix-bypass even if CVE-2026-33858 was previously addressed.
Technical summary
The `PATCH /api/v2/xcomEntries/{key}` endpoint in Apache Airflow fails to validate against `FORBIDDEN_XCOM_KEYS`, allowing authenticated users with XCom write permissions to modify reserved keys like `return_value`. Combined with acceptance of serialized payloads that the triggerer deserializes as executable code, this results in remote code execution on the triggerer during task deferral. The vulnerability exists because CVE-2026-33858's fix (PR #64148) only covered the POST/set path. Resolution requires upgrading to apache-airflow 3.2.2+ where PR #65915 extends validation to the PATCH path.
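The following is an added illustration of the fix-bypass shape described above, not code from Apache Airflow or from the referenced PRs. It models two hypothetical write paths, one that validates reserved keys only on create (the shape left behind by the first fix) and one where both create and update go through a single validator. The contents of `FORBIDDEN_XCOM_KEYS` beyond `return_value`, the store layout, and the assumption that the task runtime itself is the legitimate writer of `return_value` are all constructed for the example.

```python
"""Added illustration of the fix-bypass shape behind CVE-2026-42359: a
reserved-key validator applied on the create path but not the update path.
The handlers below are hypothetical stand-ins, not Airflow's own code."""
from dataclasses import dataclass, field
from typing import Any, Callable

# The advisory names `return_value`; the full contents of Airflow's
# FORBIDDEN_XCOM_KEYS are not on the page, so this set is a constructed placeholder.
FORBIDDEN_XCOM_KEYS = frozenset({"return_value"})


class ForbiddenXComKey(ValueError):
    """Raised when an API client attempts to write a reserved XCom key."""


def validate_xcom_key(key: str) -> None:
    """The one validator every API write path must call."""
    if key in FORBIDDEN_XCOM_KEYS:
        raise ForbiddenXComKey(f"XCom key {key!r} is reserved")


@dataclass
class XComStore:
    """In-memory stand-in for the XCom table, keyed by (dag_id, run_id, task_id, key)."""
    entries: dict = field(default_factory=dict)

    def push_from_task(self, scope: tuple, key: str, value: Any) -> None:
        """Writes made by the task runtime itself (assumed here to be the
        legitimate source of `return_value`); these bypass the API validator."""
        self.entries[(*scope, key)] = value

    # Unpatched shape: only the create path validates, so an update can
    # overwrite the very key the create path refused.
    def create_unpatched(self, scope: tuple, key: str, value: Any) -> None:
        validate_xcom_key(key)
        self.entries[(*scope, key)] = value

    def patch_unpatched(self, scope: tuple, key: str, value: Any) -> None:
        if (*scope, key) not in self.entries:
            raise KeyError(key)
        self.entries[(*scope, key)] = value  # no validator call: the bypass

    # Patched shape: every API write path calls the same validator first.
    def create(self, scope: tuple, key: str, value: Any) -> None:
        validate_xcom_key(key)
        self.entries[(*scope, key)] = value

    def patch(self, scope: tuple, key: str, value: Any) -> None:
        validate_xcom_key(key)  # the check the first fix did not extend to PATCH
        if (*scope, key) not in self.entries:
            raise KeyError(key)
        self.entries[(*scope, key)] = value


def _blocked(action: Callable[[], None]) -> bool:
    """True if the write was refused by the reserved-key validator."""
    try:
        action()
    except ForbiddenXComKey:
        return True
    return False


def audit_write_paths() -> dict:
    """Exercises both shapes against a store seeded the way a finished task
    would leave it, and reports whether each API write path refused the
    reserved key and whether the task's value survived untouched."""
    scope = ("example_dag", "manual__2026-06-01T00:00:00", "deferring_task")  # constructed
    original = {"status": "ok"}
    tampered = {"status": "tampered"}

    def run(create: Callable, patch: Callable) -> dict:
        store = XComStore()
        store.push_from_task(scope, "return_value", original)
        return {
            "create_blocked": _blocked(lambda: create(store, scope, "return_value", tampered)),
            "patch_blocked": _blocked(lambda: patch(store, scope, "return_value", tampered)),
            "value_intact": store.entries[(*scope, "return_value")] == original,
        }

    return {
        "unpatched": run(XComStore.create_unpatched, XComStore.patch_unpatched),
        "patched": run(XComStore.create, XComStore.patch),
    }


if __name__ == "__main__":
    print(audit_write_paths())
```

The design point is that a reserved-key rule belongs in one function that every write path calls, rather than in the body of a single handler; the unpatched shape reports `patch_blocked: False` and `value_intact: False`, the patched shape refuses both writes and leaves the task's value untouched.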
Defensive priority
critical
Recommended defensive actions
- Upgrade to apache-airflow 3.2.2 or later to obtain the PATCH-path `FORBIDDEN_XCOM_KEYS` validation
- Audit and restrict XCom write permissions to trusted users only, particularly on DAGs that use deferral/triggerer patterns
- Review existing XCom entries for unauthorized modifications to reserved keys such as `return_value`
- If immediate patching is not feasible, consider network segmentation to limit triggerer exposure and monitor for anomalous XCom PATCH operations
- Verify that prior CVE-2026-33858 mitigations are in place and do not rely solely on POST endpoint validation
Evidence notes
The vulnerability is a fix-bypass of CVE-2026-33858: PR #64148 added `FORBIDDEN_XCOM_KEYS` validation only on the POST/set path, leaving the PATCH path uncovered. The CWE-502 classification indicates deserialization of untrusted data. The fix is tracked in PR #65915.
Official resources
2026-06-01T09:16:18.907Z