SQL Error Stack Trace Exposed in Apache Airflow API (pre-3.2.0)
CVE-2026-30912 Published on April 18, 2026

Apache Airflow: Exposing stack trace in case of constraint error
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.

Vendor Advisory NVD

Weakness Type

Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Products Associated with CVE-2026-30912

Want to know whenever a new CVE is published for Apache AirFlow? stack.watch will email you.

Apache AirFlow

Affected Versions

Apache Software Foundation Apache Airflow:

Before 3.2.0 is affected.

SQL Error Stack Trace Exposed in Apache Airflow API (pre-3.2.0)CVE-2026-30912 Published on April 18, 2026

Weakness Type

Exposure of Resource to Wrong Sphere

Products Associated with CVE-2026-30912

Affected Versions

SQL Error Stack Trace Exposed in Apache Airflow API (pre-3.2.0)
CVE-2026-30912 Published on April 18, 2026