CVE-2026-33264
ADVISORY - pypaSummary
A bug in BaseSerialization.deserialize() allowed unrestricted import_string() of attacker-controlled class paths when the Scheduler / API Server loaded a serialized DAG: a DAG author could embed a malicious trigger into a DAG to gain remote code execution on the API Server / Scheduler process, crossing the Airflow security boundary that DAG-author code must never execute in those processes. Users are advised to upgrade to apache-airflow 3.3.0 or later. As a defense-in-depth mitigation, deployments where DAG-author trust is limited can restrict the [core] allowed_deserialization_classes config to a narrow allowlist.
EPSS Score: 0.01086 (0.613)
Common Weakness Enumeration (CWE)
PypA
CREATED
UPDATED
ADVISORY ID
PYSEC-2026-2082
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
9.8criticalBitnami
CREATED
UPDATED
ADVISORY ID
BIT-airflow-2026-33264
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-