Apache Airflow 3.2.0: XCom payload enables DAG-author code exec
CVE-2026-33858 Published on April 13, 2026

Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-33858 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2026-33858 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.

Products Associated with CVE-2026-33858

Want to know whenever a new CVE is published for Apache AirFlow? stack.watch will email you.

Apache AirFlow

Affected Versions

Apache Software Foundation Apache Airflow:

Version 3.1.8 and below 3.2.0 is affected.

Apache Airflow 3.2.0: XCom payload enables DAG-author code execCVE-2026-33858 Published on April 13, 2026

Vulnerability Analysis

Weakness Type

What is a Marshaling, Unmarshaling Vulnerability?

Products Associated with CVE-2026-33858

Affected Versions

Apache Airflow 3.2.0: XCom payload enables DAG-author code exec
CVE-2026-33858 Published on April 13, 2026