PatchSiren cyber security CVE debrief
CVE-2026-49297 Apache CVE debrief
Apache Airflow's Google provider operators `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. This allows a user with write access to the source GCS bucket to create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination. The vulnerability affects deployments that ingest from buckets writable by less-trusted principals, such as partner uploads or public-data buckets. Users are advised to upgrade to `apache-airflow-providers-google` 22.2.1 or later.
- Vendor
- Apache
- Product
- apache-airflow-providers-google
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-06
- Original CVE updated
- 2026-07-08
- Advisory published
- 2026-07-06
- Advisory updated
- 2026-07-08
Who should care
Users of Apache Airflow with deployments that ingest from buckets writable by less-trusted principals should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and restricting write access to source GCS buckets, monitoring DAG runs for suspicious activity, and implementing compensating controls to prevent arbitrary file overwrites.
Technical summary
The `GCSToSFTPOperator` and `GCSTimeSpanFileTransformOperator` operators in Apache Airflow's Google provider do not properly normalize or contain GCS object names when writing to a destination filesystem path. This can lead to path traversal attacks, allowing an attacker to overwrite arbitrary files on the SFTP server or the worker host. A user with write access to the source GCS bucket can create an object whose name contains `..` segments and cause the DAG run to write the downloaded blob outside the configured destination. The vulnerability affects deployments that ingest from buckets writable by less-trusted principals, such as partner uploads or public-data buckets.
Defensive priority
High
Recommended defensive actions
- Upgrade to `apache-airflow-providers-google` 22.2.1 or later
- Review and restrict write access to source GCS buckets
- Monitor DAG runs for suspicious activity
- Implement compensating controls to prevent arbitrary file overwrites
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed
Evidence notes
The CVE record was published on 2026-07-06T11:16:30.207Z and has been modified since then. The NVD entry is currently Analyzed. The vulnerability affects deployments that ingest from buckets writable by less-trusted principals. To verify, defenders should check the bucket's access controls and review the DAG runs for suspicious activity. This includes confirming whether affected product deployments exist in managed environments.
Official resources
-
CVE-2026-49297 CVE record
CVE.org
-
CVE-2026-49297 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Exploit, Issue Tracking, Patch
-
Mitigation or vendor reference
[email protected] - Mailing List, Vendor Advisory
-
Mitigation or vendor reference
af854a3a-2127-422b-91ae-364da2661108 - Mailing List, Third Party Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T11:16:30.207Z and has been modified since then. The NVD entry is currently Analyzed.