CVE-2026-42360: Apache Airflow Nested Template Secret Masking Bypass
Apache Airflow has a flaw in how it protects sensitive information embedded within complex data structures (like JSON templates). When a workflow template is large enough to exceed Airflow's size limit for storing template data, the system converts it to plain text before masking secrets—a process that loses track of nested sensitive fields like passwords, tokens, and API keys. An authenticated user with access to read stored template fields could then retrieve these unmasked secrets. The issue affects Airflow deployments where workflow authors pass structured data containing nested sensitive values to operators. Even organizations that patched a related vulnerability (CVE-2025-68438) last year need to apply this additional update, as that earlier fix did not address this specific nested-key masking gap.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Weaknesses (CWE)
- CWE-200
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-01 / 2026-06-17
NVD description (verbatim)
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airflow stringified the structure before redaction, losing the nested key context, and persisted the plaintext value into `rendered_fields`. An authenticated UI/API user with permission to read rendered template fields could harvest secret values intended to be masked. Affects deployments where Dag authors pass structured JSON to operators with nested sensitive keys. This is a variant of `CWE-200` previously addressed for the user-registered `mask_secret()` patterns in CVE-2025-68438; that fix did not cover the nested sensitive-keyword allowlist. Users who already upgraded for CVE-2025-68438 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the nested-key path.
2 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
The vulnerability stems from the order of operations in Airflow's rendered-template field handling. When a template structure exceeds the `[core] max_templated_field_length` threshold, Airflow serializes the entire structure to a string before applying redaction logic. This stringification process destroys the structural context that the sensitive-keyword masking allowlist (covering keys named `password`, `token`, `secret`, `api_key`, etc.) relies upon to identify nested sensitive fields. The plaintext serialized value is then persisted into `rendered_fields` with nested sensitive keys left unmasked. An authenticated user or API caller with read permissions to the `rendered_fields` table or endpoint can extract these unmasked secrets. This is distinct from the earlier CVE-2025-68438, which addressed a similar issue in user-registered custom masking patterns; the nested-keyword allowlist was not covered by that prior fix. Remediation requires upgrading to a patched version that performs redaction before serialization or uses a serialization strategy that preserves structural context.
Business impact
For Airflow deployments handling sensitive data in structured templates—such as cloud credentials, API tokens, or database passwords nested within JSON operator parameters—this vulnerability creates a confidentiality breach risk. Authenticated insiders with dashboard or API read access can discover secrets that should have been redacted. The impact depends on deployment posture: air-gapped environments with strict access controls face lower risk, while cloud-hosted or multi-tenant Airflow instances with broader user bases face higher exposure. Organizations must assume that any nested secrets in large templates stored before patching may have been disclosed. This is particularly concerning for teams using Airflow to orchestrate data pipelines across cloud platforms or third-party services, where exposed credentials can compromise downstream systems.
Affected systems
Apache Airflow deployments are affected, particularly those where DAG authors pass nested JSON or other structured data (containing sensitive keys) to operators, and where template size frequently exceeds the configured `max_templated_field_length`. The vulnerability does not require specific Airflow versions to be named here without vendor confirmation; however, the advisory indicates that versions prior to 3.2.2 are vulnerable and that prior patches for CVE-2025-68438 do not address this issue. Confirm exact affected and patched version ranges against the official Apache Airflow security advisory.
Exploitability
Exploitation requires authentication (valid Airflow UI login or API credentials) and explicit read permissions on rendered template fields. It is not remotely exploitable without valid credentials, and exploitation is limited to users already granted access to view DAG and task metadata. The attack is straightforward once access is obtained: an authenticated user simply reads the `rendered_fields` column or calls the corresponding API endpoint to retrieve template data containing unmasked secrets. No complex manipulation, race conditions, or special timing is required. For this reason, the CVSS score reflects a medium severity: network-accessible, low attack complexity, but gated behind authentication and requiring specific permissions.
Remediation
Organizations must upgrade Apache Airflow to version 3.2.2 or later (or verify the specific patched version against the official Apache Airflow advisory). This is a mandatory upgrade for any deployment where nested sensitive keys in templates are a concern. After patching, conduct a security review of any logs, backups, or archived `rendered_fields` that may contain plaintext secrets collected during the vulnerable window. Consider rotating credentials that may have been exposed. For deployments unable to upgrade immediately, implement access controls to restrict who can read `rendered_fields` data, and monitor access logs for suspicious queries. Do not rely on prior CVE-2025-68438 patches as a complete mitigation for this variant.
Patch guidance
Upgrade to Apache Airflow 3.2.2 or later, following the vendor's installation and upgrade procedures. Verify the patch version against the official Apache Airflow security advisory. If your deployment is on a managed platform (e.g., Cloud Composer, MWAA), check the platform's release notes to confirm when the patched version is available. Test the upgrade in a non-production environment first to validate DAG compatibility and performance. After upgrading, restart all Airflow scheduler and webserver instances to ensure the patched code is in use.
Detection guidance
Review `rendered_fields` data in your Airflow metadata database for plaintext occurrences of known sensitive patterns (e.g., `"password":"..."`, `"token":"..."`, `"api_key":"..."`). Audit access logs (webserver and API logs) for users who accessed rendered template data, especially in the months before patching. Monitor for unusual read patterns on the `rendered_fields` table. In future deployments, configure restricted database access and enforce principle of least privilege on who can view template metadata. Consider enabling Airflow's audit logging features (if available in your version) to track access to sensitive rendered fields.
Why prioritize this
This vulnerability warrants priority patching because it represents a direct confidentiality breach affecting secrets in production data pipelines. Although it requires authentication, the barrier is low in multi-user environments or where internal users have broad access. The variant-nature of the issue—a missed case in a prior security fix—suggests that some organizations may believe they are already protected by CVE-2025-68438 patches and may deprioritize this update. Early patching limits the window during which nested secrets are at risk of disclosure.
Risk score, explained
The CVSS 3.1 score of 6.5 (MEDIUM) reflects: network-accessible attack surface (AV:N), low attack complexity (AC:L), requirement for valid authentication and permissions (PR:L), no user interaction needed (UI:N), single system impact (S:U), high confidentiality impact (C:H, secrets disclosed), no integrity or availability impact (I:N/A:N). The score is not higher because exploitation is gated behind authentication; however, in environments with many users or broad permission grants, this protective boundary is weak. For high-sensitivity deployments, treat this as having greater business criticality than the base CVSS suggests.
Frequently asked questions
Does this affect us if we have already patched CVE-2025-68438?
No, not automatically. CVE-2025-68438 addressed custom masking patterns registered by users; this vulnerability is about nested sensitive-keys in Airflow's built-in allowlist. Organizations patched for the prior CVE should verify whether they are running 3.2.2 or later to close this separate gap. Check your deployed version and consult the official Apache Airflow advisory for exact version boundaries.
How do we know if we have nested sensitive keys in our templates?
Examine your DAGs and operators to see if any pass JSON, dictionaries, or other structured data containing fields named `password`, `token`, `secret`, or `api_key` to operators. If templates containing these nested keys are large (exceeding `max_templated_field_length`), they are vulnerable. A database query on `rendered_fields` searching for these keywords in plaintext can confirm exposure.
What if we cannot upgrade immediately?
Restrict database and API access to `rendered_fields` to a minimal set of administrators. Disable the rendered fields web UI display if it is not essential for operations. Monitor all reads of the `rendered_fields` table. Plan an urgent upgrade window; this issue affects confidentiality of live credentials, so delay carries risk.
What should we do with secrets that may have been exposed?
Conduct a mandatory credential rotation for any secrets that appeared in large templates during the vulnerable period. Review access logs to determine who may have viewed the data, and notify security teams for investigation. If secrets are shared across multiple systems, rotate them in all dependent systems to minimize blast radius.
This analysis is provided for informational purposes to support vulnerability assessment and patch planning. It is not a substitute for official vendor advisories or guidance from Apache Airflow. Verify all patch versions, affected product versions, and remediation steps against the official Apache Airflow security advisory before taking action. SEC.co makes no warranty as to the accuracy or completeness of this summary. Organizations are responsible for assessing their own exposure and compliance requirements. Source: NVD (public-domain), retrieved 2026-07-07. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-42358MEDIUMApache Airflow Secret Masking Bypass for Deeply Nested JSON Variables
- CVE-2026-10254MEDIUMUnauthenticated Information Disclosure in SourceCodester Pet Grooming Software
- CVE-2026-10854MEDIUMMISP Galaxy Visibility Control Bypass – Unauthorized Private Metadata Access
- CVE-2026-10864MEDIUMMISP Dashboard Widget Field Filtering Bypass (Medium)
- CVE-2026-2128MEDIUMBreeze WordPress Plugin Cache Information Disclosure (v2.5.2 and earlier)
- CVE-2026-28511MEDIUMeLabFTW Information Disclosure – Title Exposure via Cross-Scope Search
- CVE-2026-36602MEDIUMMercusys AC12G Kernel Memory Disclosure via UPnP
- CVE-2026-36615MEDIUMMercusys AC12G (EU) Unauthenticated Information Disclosure via /agileconfigreset Endpoint