PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-49297 Apache CVE debrief

Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. This allows a user with write access to the source GCS bucket to create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination. The vulnerability affects deployments that ingest from buckets writable by less-trusted principals, such as partner uploads or public-data buckets. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.

Vendor
Apache
Product
apache-airflow-providers-google
CVSS
HIGH 8.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-06
Original CVE updated
2026-07-08
Advisory published
2026-07-06
Advisory updated
2026-07-08

Who should care

Users of Apache Airflow with deployments that ingest from buckets writable by less-trusted principals should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and restricting write access to source GCS buckets, monitoring DAG runs for suspicious activity, and implementing compensating controls to prevent arbitrary file overwrites.

Technical summary

The `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` operators in Apache Airflow's Google provider do not properly normalize or contain GCS object names when writing to a destination filesystem path. This can lead to path traversal attacks, allowing an attacker to overwrite arbitrary files on the SFTP server or the worker host. A user with write access to the source GCS bucket can create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination. The vulnerability affects deployments that ingest from buckets writable by less-trusted principals, such as partner uploads or public-data buckets.

Defensive priority

High

Recommended defensive actions

  • Upgrade to `apache-airflow-providers-google` 22.2.1 or later
  • Review and restrict write access to source GCS buckets
  • Monitor DAG runs for suspicious activity
  • Implement compensating controls to prevent arbitrary file overwrites
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed

Evidence notes

The CVE record was published on 2026-07-06T11:16:30.207Z and has been modified since then. The NVD entry is currently Analyzed. The vulnerability affects deployments that ingest from buckets writable by less-trusted principals. To verify, defenders should check the bucket's access controls and review the DAG runs for suspicious activity. This includes confirming whether affected product deployments exist in managed environments.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T11:16:30.207Z and has been modified since then. The NVD entry is currently Analyzed.