Apache Airflow has a Link Following issue
Moderate severity
GitHub Reviewed
Published
Jun 1, 2026
to the GitHub Advisory Database
•
Updated Jul 9, 2026
Description
Published by the National Vulnerability Database
Jun 1, 2026
Published to the GitHub Advisory Database
Jun 1, 2026
Reviewed
Jul 9, 2026
Last updated
Jul 9, 2026
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g.
/etc/passwdorairflow.cfg) or (b) supply atask_idcontaining..sequences accepted by the Task SDK'sKEY_REGEX(write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configuredbase_log_folder, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade toapache-airflow3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem.References