MEDIUM 6.5

CVE-2026-42358: Apache Airflow Secret Masking Bypass for Deeply Nested JSON Variables

Apache Airflow's secret-masking feature, which is supposed to hide sensitive values in Variables when they're accessed through the UI or API, has a flaw that lets authenticated users read plaintext secrets stored in deeply nested JSON structures. The masking tool gives up checking for sensitive key names (like 'password', 'token', 'secret', 'api_key') once it reaches a certain nesting depth, so secrets buried deeper than that limit slip through unmasked. Any user with permission to read Variables can exploit this. This is a follow-up to an earlier fix; that patch addressed shallow nesting, but didn't raise the depth limit itself, leaving the same bypass hole for deeper structures.

Source data · NVD / CISA · public domain

CVSS
3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weaknesses (CWE)
CWE-200
Affected products
1 configuration(s)
Published / Modified
2026-06-01 / 2026-06-17

NVD description (verbatim)

A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-suffixed key names like `password`, `token`, `secret`, `api_key`) to be bypassed when the JSON value's nesting depth exceeded the shared secrets masker's recursion limit: the masker returned the original nested item before checking the sensitive key name. An authenticated UI/API user with Variable read permission could harvest plaintext secret values stored under sensitive keys nested deep enough to exceed the masker's depth cap. Affects deployments that store sensitive values inside deeply-nested JSON Variables. This is a residual gap in the fix for CVE-2026-32690 (which covered shallower nesting via `max_depth=1`); the depth-limit boundary itself was not raised, so the same key-name bypass pattern reappears beyond the recursion cap. Users who already upgraded for CVE-2026-32690 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the deep-nesting path.

2 reference(s) · View on NVD →

SEC.co analysis · AI-assisted, reviewed against source

Technical summary

The vulnerability exists in Apache Airflow's Variable response masker, which redacts values associated with secret-pattern key names at response time. The masker implements a recursion depth limit to prevent stack exhaustion during tree traversal of nested JSON Variable values. However, the implementation returns the original nested item without first checking whether its key name matches a sensitive pattern (password, token, secret, api_key, etc.) when that item's depth exceeds the configured recursion cap. This means a Variable with structure like {"outer": {"inner": {"deeply": {"nested": {"password": "secret123"}}}}} may escape masking if the password key sits beyond the depth threshold. The prior fix (CVE-2026-32690) only constrained shallower nesting via max_depth=1 and did not increase the overall recursion limit, leaving the boundary-crossing pattern unpatched for deeper structures.

Business impact

Any Airflow deployment storing sensitive configuration, credentials, or API keys inside nested JSON Variables is at risk if an attacker or malicious insider holds Variable read permissions. Secret leakage could compromise downstream systems, APIs, databases, or external services that those credentials protect. Organizations using Airflow for orchestration of cloud infrastructure, data pipelines, or third-party integrations may find authentication tokens or API keys exposed to unauthorized users. The blast radius depends on secret scope—database passwords or cloud credentials could enable broad lateral movement.

Affected systems

Apache Airflow instances with Variables containing nested JSON structures where sensitive keys (password, token, secret, api_key, and similar patterns) are nested deeper than the masker's recursion depth limit. The vulnerability requires an authenticated UI or API user with Variable read permission; it does not affect unauthenticated access. Any recent Airflow 3.x or 2.x version prior to the recommended patch is likely vulnerable if configuration secrets are stored in Variables rather than external secret backends.

Exploitability

Exploitation requires valid Airflow UI or API credentials with at least Variable read permission—a low bar in many organizations where DAG developers or operators have such access. No interaction or special conditions beyond crafting a nested JSON Variable and reading it back are needed. An attacker need not interact with the Variable; simple read access during normal workflow inspection surfaces the plaintext secrets. This makes the vulnerability straightforward to weaponize for insiders or compromised low-privilege accounts. However, the attack does not affect Variables stored in external secret backends (e.g., HashiCorp Vault, AWS Secrets Manager) if those are properly configured instead of inline JSON storage.

Remediation

Upgrade Apache Airflow to version 3.2.2 or later, which raises the masker's recursion depth limit and ensures key-name checking occurs before returning any nested item, regardless of depth. Organizations already patched for CVE-2026-32690 should treat this as a critical follow-up upgrade. Until patching is complete, audit Variable configurations to identify secrets stored in nested JSON and migrate them to external secret backends (Vault, AWS Secrets Manager, Kubernetes Secrets) using Airflow's connection or Variable reference features. Restrict Variable read permissions to only users and services that require them; use RBAC to segregate access.

Patch guidance

Apply Apache Airflow 3.2.2 or any later 3.x release; verify the patch via the Airflow release notes and security advisories on the Apache Airflow project page. If you are on Airflow 2.x, check the corresponding 2.x patch release timeline from Apache. Test the patch in a staging environment first to ensure no regressions in Variable masking behavior or API responses. After patching, no configuration changes are required for the fix to take effect; the masker will operate with the corrected depth handling on restart.

Detection guidance

Review Airflow Variable configurations (via the Airflow UI, API, or database queries) for any JSON-structured Variables containing keys matching password, token, secret, api_key, or similar patterns. Pay special attention to nested structures more than 2–3 levels deep. Check audit logs for Variable read access by users or service accounts; correlate with the presence of nested-secret Variables to identify potential exposure. Consider implementing a custom audit hook or Variable Serializer in Airflow to log all Variable access and flag reads of deep-nested structures. Monitor outbound API calls or database connections immediately after Variable read events as a sign of credential misuse.

Why prioritize this

Although the CVSS score of 6.5 reflects medium severity, this vulnerability warrants prompt attention because: (1) it is a residual gap in a prior security fix, signaling incomplete remediation; (2) it requires only read access to exploit, which is common in Airflow deployments; (3) plaintext secret exposure can cascade into compromise of downstream infrastructure; (4) it directly contradicts Airflow's documented masking feature, breaking security assumptions operators may rely on. Organizations that believed CVE-2026-32690 was fully addressed should re-evaluate their risk posture.

Risk score, explained

The CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N score of 6.5 reflects: network-accessible attack surface (AV:N), low attack complexity (AC:L), low privilege requirement (PR:L), high confidentiality impact (C:H), and no integrity or availability impact. The score is reasonable for a plaintext secret disclosure affecting authenticated users; it does not account for the likely high business impact of credential compromise. Organizations storing production secrets in Variables should treat this as higher priority than the CVSS alone suggests.

Frequently asked questions

Does this affect Airflow deployments that do not store secrets in Variables?

No. If you use Airflow's connection or variable reference features to pull secrets from external backends (HashiCorp Vault, AWS Secrets Manager, Kubernetes Secrets), this vulnerability does not apply. Only inline JSON Variables with deeply nested secret-pattern keys are at risk.

If I patched for CVE-2026-32690, do I need to patch again?

Yes. The prior fix addressed shallow-nesting cases but did not increase the recursion depth limit. This CVE exploits the boundary itself. You must upgrade to Apache Airflow 3.2.2 or later to fully close both shallow and deep-nesting paths.

Can an attacker harvest secrets without read permission?

No. The vulnerability requires valid Airflow credentials and explicit Variable read permission. An attacker without these permissions cannot trigger the masking bypass. However, many Airflow deployments grant read permission broadly to DAG developers and operators, making exposure likely in practice.

What should I do right now if I cannot patch immediately?

Audit your Variables for nested JSON containing password, token, secret, or api_key keys. Migrate high-value secrets to external secret backends and update Variable references accordingly. Restrict Variable read access to only essential users. Review recent Variable read logs to identify any suspicious access patterns.

This analysis is provided for informational purposes. Verify all patch versions, affected software configurations, and remediation steps against official Apache Airflow security advisories and release notes. No exploit code or weaponized proof-of-concept is included. Organizations should conduct their own risk assessment and testing before deploying patches in production. SEC.co makes no warranty regarding the completeness or accuracy of this intelligence and recommends consulting with Apache Airflow vendors and your own security team for deployment-specific guidance. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).