MEDIUM 5.9

CVE-2026-41017: Apache Airflow JWT Cookie Secure Flag Bypass

Apache Airflow's JWT authentication middleware fails to mark session cookies as secure, exposing them to interception when the API server sits behind a TLS-terminating reverse proxy—a standard cloud architecture. An attacker on a shared network (public Wi-Fi, compromised LAN, or captive portal) can intercept an authenticated user's session token and replay it to gain API access. The vulnerability only materializes in specific deployment topologies where the reverse proxy strips HTTPS before forwarding to Airflow; teams running Airflow with end-to-end encryption or without reverse proxies are not affected. Apache Airflow 3.2.2 and later patch this issue.

Source data · NVD / CISA · public domain

CVSS
3.1 · 5.9 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Weaknesses (CWE)
CWE-614
Affected products
1 configuration(s)
Published / Modified
2026-06-01 / 2026-06-17

NVD description (verbatim)

Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy / a managed load balancer that terminates TLS and forwards plaintext to the API server, the default cloud-native topology) would have the user's session JWT replayed over any cleartext HTTP request to the same host. A network-positioned attacker (Wi-Fi MITM, hostile LAN, captive-portal proxy) could induce a logged-in user's browser to issue an HTTP request to the deployment's hostname and capture the JWT cookie out of that request, then replay it against the authenticated API. Affects deployments where the Airflow API server is reached through a TLS-terminating proxy and the cookie's secure-by-default protection is load-bearing for session integrity. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.

3 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The JWTRefreshMiddleware in Apache Airflow creates authentication cookies without setting the Secure flag, which instructs browsers to only transmit the cookie over encrypted channels. In deployments where TLS termination occurs at a front-end proxy (nginx, Envoy, AWS ALB, etc.) with plaintext HTTP forwarding to the backend Airflow service, the middleware's cookie handling becomes the session integrity boundary. An attacker positioned to observe network traffic—such as on a Wi-Fi network or within an ISP/datacenter lateral segment—can trick a logged-in user's browser into making an unencrypted HTTP request to the Airflow hostname (via DNS spoofing, ARP injection, or browser-based redirects), capture the session JWT in that request, and use it to authenticate subsequent API calls. The impact is bounded to confidentiality; the attacker can read API data but cannot modify it via this vector alone.

Business impact

Session hijacking of Airflow users could allow unauthorized access to orchestration metadata, task history, variable secrets, and potential lateral movement into connected systems if Airflow's service account is broadly permissioned. The risk is heightened in organizations where Airflow coordinates sensitive data pipelines or has cross-cloud/multi-tenant access. Compliance frameworks (SOC 2, HIPAA, PCI-DSS) expect session cookies to be Secure-flagged in web applications; this gap could surface in audit findings. For organizations already using end-to-end encryption or non-proxy Airflow deployments, the practical risk is low, but teams should verify their architecture matches one of the safe patterns before dismissing the vulnerability.

Affected systems

Apache Airflow versions prior to 3.2.2. The vulnerability is active only when the Airflow API server is accessed through a TLS-terminating reverse proxy that forwards requests as plaintext HTTP to Airflow—the de facto standard topology in Kubernetes, AWS ECS, and other cloud-native environments. Self-hosted Airflow instances without a proxy, or those with end-to-end TLS between proxy and API server, are unaffected. The vulnerability affects the Airflow API server; Airflow schedulers, workers, and web UIs are not directly targeted.

Exploitability

Exploitation requires network-layer positioning (Wi-Fi MITM, compromised corporate network, or ISP visibility) and relies on inducing a user to make an unencrypted HTTP request to the Airflow domain. Practical exploitation is non-trivial for an attacker without pre-existing network presence, but the threat model is realistic in public Wi-Fi, shared hosting, and zero-trust network microsegmentation scenarios. The CVSS score of 5.9 (Medium) reflects the requirement for both network access and specific deployment topology; organizations in air-gapped or tightly segmented networks face lower practical risk.

Remediation

Upgrade Apache Airflow to version 3.2.2 or later, which patches the JWTRefreshMiddleware to set the Secure flag on all authentication cookies. For teams unable to patch immediately, mitigations include enforcing HTTPS-only access at the reverse proxy level (reject plaintext HTTP), implementing HSTS headers, and ensuring DNS security (DNSSEC/DNS pinning) to reduce the surface for inducing HTTP requests. These controls do not address the root cause but reduce exploitability.

Patch guidance

Apply Apache Airflow 3.2.2 or later to all API server instances. The patch is backward-compatible; no configuration changes are required. After patching, verify that the `Set-Cookie` header in API responses includes `Secure` and `HttpOnly` flags via browser developer tools or HTTP traffic inspection. Consider rolling updates in a canary pattern if Airflow is part of a critical workflow, though the patch is low-risk.

Detection guidance

Monitor for HTTP requests (not HTTPS) to Airflow API endpoints; legitimate traffic should be HTTPS-only behind a properly configured reverse proxy. Log analysis of reverse proxy access logs can reveal non-HTTPS requests to the API path. If SIEM integration is in place, create rules for successful API authentication attempts immediately preceded by HTTP requests to the same hostname. Network visibility tools (packet capture, flow analytics) can detect DNS redirections or ARP spoofing attempts that might precede exploitation, though these are also indicators of broader network compromise.

Why prioritize this

This is a Medium-severity vulnerability with a context-dependent risk profile. Organizations using cloud-native reverse proxy topologies (the majority) should prioritize patching, but teams with alternate architectures can deprioritize after confirming their setup. It does not appear on the CISA Known Exploited Vulnerabilities (KEV) list, indicating no widespread active exploitation as of the last update. Patch in the next standard maintenance window; do not treat as a critical emergency unless you confirm your deployment uses a TLS-terminating proxy.

Risk score, explained

The CVSS 3.1 score of 5.9 (Medium, vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) balances a high-confidentiality impact (H) with a high attack complexity (H) due to the requirement for network positioning and a specific deployment topology. No user interaction is needed (UI:N) and the attack is network-reachable (AV:N), but the combination of AC:H and the architectural prerequisite prevents a higher rating. Organizations not using the affected topology can lower the effective score for their environment.

Frequently asked questions

Does this affect Airflow web UI logins?

No, only the API server's JWT middleware is affected. The web UI has separate authentication mechanisms and is not directly exposed via this vector, though users of an exposed API could infer sensitive workflow data.

What if our Airflow is behind an application firewall or WAF?

A WAF cannot prevent this vulnerability because the issue is in the Airflow service itself, not in malicious request patterns. However, a WAF or proxy that enforces HTTPS-only traffic and blocks plaintext HTTP to API endpoints provides effective defense-in-depth until patching is complete.

Do we need to rotate user sessions after patching?

Session rotation is recommended as best practice after patching, particularly for users who may have accessed Airflow over untrusted networks before the upgrade. Airflow does not provide a bulk session revocation tool, so rotation typically occurs naturally as sessions expire.

How can we confirm our deployment is vulnerable?

Check your Airflow version (prior to 3.2.2) and your architecture: if your Airflow API server is reached through a reverse proxy that terminates HTTPS and forwards HTTP, you are vulnerable. You can verify by inspecting the Set-Cookie header in API responses—if it lacks the Secure flag, the vulnerability is present in your environment.

This analysis is based on publicly available vulnerability data and the CVE description as of June 2026. Patch version numbers and affected product versions are sourced from vendor advisories and should be verified against the official Apache Airflow security documentation. The vulnerability's impact is highly dependent on deployment architecture; organizations should assess their specific topology before determining risk level. No exploit code or weaponized proof-of-concept is provided. This content is for informational purposes and does not constitute professional security advice; consult with your internal security team or a qualified third party for deployment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).