Apache Airflow: Incomplete redaction allowlist exposes secrets in Connection `extra` to read-permitted users
Moderate severity
GitHub Reviewed
Published
Jun 1, 2026
to the GitHub Advisory Database
•
Updated Jul 7, 2026
Description
Published by the National Vulnerability Database
Jun 1, 2026
Published to the GitHub Advisory Database
Jun 1, 2026
Last updated
Jul 7, 2026
Reviewed
Jul 7, 2026
A bug in the GET
/api/v2/connections/{connection_id}REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection'sextraJSON blob under field names not present in the redaction allowlist (DEFAULT_SENSITIVE_FIELDS) — for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connectionextrablobs and grant Connection-read access to multiple users. Users are advised to upgrade toapache-airflow3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection'sextrafield.References