{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31987", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-03-10T18:31:09.400Z", "datePublished": "2026-04-16T13:31:52.336Z", "dateUpdated": "2026-04-16T18:24:29.466Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://pypi.python.org", "defaultStatus": "unaffected", "packageName": "apache-airflow", "product": "Apache Airflow", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "3.2.0", "status": "affected", "version": "3.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "unixengineer"}, {"lang": "en", "type": "finder", "value": "Jason Imison"}, {"lang": "en", "type": "remediation developer", "value": "Pineapple"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. <br>Users are advised to upgrade to Airflow version that contains fix.<br><br>Users are recommended to upgrade to version 3.2.0, which fixes this issue. <br><br>"}], "value": "JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. \nUsers are advised to upgrade to Airflow version that contains fix.\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue."}], "metrics": [{"other": {"content": {"text": "Moderate"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-04-16T13:31:52.336Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/apache/airflow/pull/62964"}, {"tags": ["issue-tracking"], "url": "https://github.com/apache/airflow/issues/62428"}, {"tags": ["issue-tracking"], "url": "https://github.com/apache/airflow/issues/62773"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Airflow: JWT token appearing in logs", "x_generator": {"engine": "airflow-s/generate_cve_json.py"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/16/7"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-16T18:24:29.466Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. \nUsers are advised to upgrade to Airflow version that contains fix.\n\nUsers are recommended to upgrade to version 3.2.0, which fixes this issue."}], "id": "CVE-2026-31987", "lastModified": "2026-04-17T15:38:09.243", "metrics": {}, "published": "2026-04-16T14:16:13.490", "references": [{"source": "security@apache.org", "url": "https://github.com/apache/airflow/issues/62428"}, {"source": "security@apache.org", "url": "https://github.com/apache/airflow/issues/62773"}, {"source": "security@apache.org", "url": "https://github.com/apache/airflow/pull/62964"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread/pvsrtxzwo9xy6xgknmwslv4zrw70kt6g"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/04/16/7"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[3.0.0,3.2.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Apache Airflow", "source": "cna", "vendor": "Apache Software Foundation"}, "product": "airflow", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-04-17T02:58:59.292276+00:00", "value": {"mitigation_remediation": ["Upgrade Airflow to version 3.2.0 or later, which removes the log exposure.", "Scan existing log files for any recorded JWT tokens, delete or rotate those logs, and ensure that previous versions are cleaned.", "Adjust the logging configuration to mask or omit sensitive fields such as JWTs in future logs."], "summary": {"action": "Patch", "impact": "Privilege Escalation via exposed JWT tokens"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of Apache Airflow maintained by the Apache Software Foundation. Versions prior to 3.2.0 have not applied the fix, so any release older than 3.2.0 is susceptible.", "description_and_impact": "JWT tokens used by Apache Airflow tasks were recorded in log files. Anyone who can read these logs, such as a UI user, would obtain a token that grants the authority of a Dag Author. Using that token, an attacker could create, modify, or delete DAG definitions, potentially injecting malicious code or causing unauthorized data processing.", "risk_and_exploitability": "No EPSS score is available, and the issue is not listed in the KEV catalog, so official exploitation data is sparse. The attack vector is inferred to be through the Airflow UI or any process that reads the application logs; thus, individuals with log access pose a risk. The CVSS score is not provided, but the potential to elevate privileges suggests a moderate to high impact if exploited."}}}}, "created": "2026-04-16T15:30:06.054751+00:00", "updated": "2026-04-17T03:00:08.465261+00:00", "vendors": ["apache", "apache$PRODUCT$airflow"]}