๐Ÿ” CVE Alert

CVE-2026-33264

CRITICAL 9.8

Apache Airflow: DAG author RCE on webserver via unrestricted import_string() in BaseSerialization.deserialize()

CVSS Score
9.8
EPSS Score
0.7%
EPSS Percentile
48th

A bug in `BaseSerialization.deserialize()` allowed unrestricted `import_string()` of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossing the Airflow security boundary that DAG-author code must never execute in those processes. Users are advised to upgrade to `apache-airflow` 3.3.0 or later. As a defense-in-depth mitigation, deployments where DAG-author trust is limited can restrict the `[core] allowed_deserialization_classes` config to a narrow allowlist.

CWE CWE-502
Vendor apache software foundation
Product apache airflow
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for apache software foundation apache airflow

Be the first to know when new critical vulnerabilities affecting apache software foundation apache airflow are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Apache Software Foundation / Apache Airflow
0 < 3.3.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/apache/airflow/pull/66002 github.com: https://github.com/apache/airflow/pull/68528 lists.apache.org: https://lists.apache.org/thread/otvdw8qt2y7xy2n5nq9xby9ky4rf5ltj openwall.com: http://www.openwall.com/lists/oss-security/2026/07/07/1

Credits

Ziyu Lin bugbunny.ai intadd (GitHub handle: @intadd) K Amogh Desai (@amoghrajesh) Jarek Potiuk