Platform
python
Component
apache-airflow
Fixed in
2.11.1
2.11.1
CVE-2024-56373 describes a remote code execution (RCE) vulnerability in Apache Airflow. An authenticated DAG Author, possessing elevated privileges, can exploit a flaw in the log template history functionality to manipulate the Airflow database. This manipulation allows the attacker to execute arbitrary code within the web-server context, potentially compromising the entire system. The vulnerability affects versions of Apache Airflow up to and including 2.9.3rc1; upgrading to version 2.11.1 or Airflow 3 resolves the issue.
The impact of CVE-2024-56373 is significant due to its potential for remote code execution. A successful exploit allows an attacker, already authenticated as a DAG Author, to gain complete control over the Airflow web server. This could lead to data breaches, system compromise, and the ability to execute arbitrary commands on the underlying infrastructure. The attack vector involves manipulating the database to inject malicious code that is then executed when historical task information is viewed. This bypasses normal authorization checks, as the attacker is already authenticated as a DAG Author, but leverages a flaw in the log template history feature. The blast radius extends beyond the Airflow environment itself, potentially impacting any systems accessible from the compromised web server.
CVE-2024-56373 was published on 2026-02-24. The vulnerability's exploitation context is currently unclear; no public proof-of-concept (PoC) has been released. The EPSS score is pending evaluation. It is recommended to prioritize patching due to the potential for remote code execution.
Exploit Status
EPSS
0.03% (10% percentile)
CVSS Vector
The primary mitigation for CVE-2024-56373 is to upgrade to Apache Airflow version 2.11.1 or Airflow 3, which includes the necessary fixes. If immediate upgrading is not possible, disabling the log template history functionality can reduce the attack surface. This can be achieved by modifying the Airflow configuration. As a temporary workaround, manual modification of historical log file names can also mitigate the vulnerability. After upgrading, verify the fix by attempting to access historical task information as a DAG Author and confirming that no malicious code is executed. Monitor Airflow logs for any unusual activity or database manipulation attempts.
Update Apache Airflow to version 2.11.1 or higher. If you want to continue using log template history, update to Airflow 3. You can also manually modify historical log file names if you want to see historical logs that were generated before the last log template change.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2024-56373 is a remote code execution vulnerability in Apache Airflow affecting versions up to 2.9.3rc1. A DAG Author can manipulate the database to execute arbitrary code.
You are affected if you are running Apache Airflow versions 2.9.3rc1 or earlier and have DAG Authors with elevated privileges.
Upgrade to Apache Airflow version 2.11.1 or Airflow 3. Alternatively, disable the log template history functionality as a temporary workaround.
Currently, there is no public evidence of active exploitation, but the vulnerability's potential impact warrants immediate attention and patching.
Refer to the Apache Airflow security advisories on the Apache project website for the latest information and updates: https://airflow.apache.org/security
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.