CVE-2021-26697

CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-269

Published February 17, 2021

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.

Key dates

02Disclosure timeline

February 17, 2021 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-26697

Related vulnerabilities

CVE-2021-26697: Apache Airflow: Lineage API endpoint for Experimental API missed authentication check

01Description

02Disclosure timeline

03References

04Related CVE