CVE-2026-30912

CVE-2026-30912: Apache Airflow: Exposing stack trace in case of constraint error

Vendor Apache Software Foundation

Product Apache Airflow

Weakness CWE-668

Published April 18, 2026

Last update April 20, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.

Key dates

Disclosure timeline

April 18, 2026 CVE published

April 20, 2026 Record updated