CVE-2026-32228

· NIST NVD ↗

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.

HIGH
CVSS severity
7.5
CVSS base score
2026-04-18
Published

CWE codes

CWE-863

Affected products

apache:airflow

Sources