CNVD-2026-13248 — Vulnetix

CNVD-2026-13248 PUBLISHED CVSS 6.5 MEDIUM

Apache Airflow是美国阿帕奇（Apache）基金会的一套具有创建、管理和监控工作流程功能的开源平台。该平台具有可扩展和动态监控等特点。 Apache Airflow存在日志信息泄露漏洞。攻击者可利用该漏洞导致敏感信息泄露。

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Apache Software Foundation	Apache Airflow	0

Exploit Intelligence

https://github.com/apache/airflow/pull/61882 (circl)
https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw (circl)
CIRCL seen: CVE-2025-27555 (circl-sighting)
CIRCL seen: CVE-2025-27555 (circl-sighting)

Timeline

Feb 23, 2026 PoC Published
Feb 24, 2026 CVE Published
Feb 24, 2026 PoC Published

References

https://github.com/apache/airflow/pull/61882 patch
https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw vendor-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›