CVE-2026-33264

Apache Software Foundation · Apache Airflow

A deserialization vulnerability in Apache Airflow allows unauthenticated attackers to achieve remote code execution via malicious DAG serialization.

Executive summary

A critical deserialization flaw in Apache Airflow allows unauthenticated attackers to execute arbitrary code on the API Server or Scheduler.

Vulnerability

This vulnerability resides in the BaseSerialization.deserialize() function, which fails to properly validate class paths during the loading of serialized DAGs. An unauthenticated attacker can exploit this to perform remote code execution by injecting a malicious trigger into a DAG.

Business impact

The ability for an attacker to execute arbitrary code on the Scheduler or API Server poses an existential risk to the integrity and availability of the entire data pipeline orchestration infrastructure. Given the CVSS score of 9.8, this vulnerability allows for total system compromise, potentially leading to unauthorized data exfiltration, lateral movement within the network, and complete loss of control over automated workflows.

Remediation

Immediate Action: Upgrade to apache-airflow version 3.3.0 or later immediately.

Proactive Monitoring: Audit Airflow logs for unexpected class imports or anomalous execution patterns within DAG processing tasks.

Compensating Controls: Restrict the [core] allowed_deserialization_classes configuration to a strict allowlist to prevent the instantiation of unauthorized or dangerous classes.

Exploitation status

Public Exploit Available: False

Analyst recommendation

This vulnerability represents a critical threat to Airflow deployments. Administrators must prioritize upgrading to version 3.3.0 immediately. If an immediate upgrade is not feasible, applying the suggested configuration-based allowlist is a mandatory defense-in-depth measure to mitigate the risk of arbitrary code execution.