Apache Airflow लॉगटेम्पलेट टेबल के माध्यम से वेब-सर्वर संदर्भ में कोड इंजेक्शन के प्रति संवेदनशील (Code Injection) है

The impact of CVE-2024-56373 is significant due to its potential for remote code execution. A successful exploit allows an attacker, already authenticated as a DAG Author, to gain complete control over the Airflow web server. This could lead to data breaches, system compromise, and the ability to execute arbitrary commands on the underlying infrastructure. The attack vector involves manipulating the database to inject malicious code that is then executed when historical task information is viewed. This bypasses normal authorization checks, as the attacker is already authenticated as a DAG Author, but leverages a flaw in the log template history feature. The blast radius extends beyond the Airflow environment itself, potentially impacting any systems accessible from the compromised web server.

Organizations utilizing Apache Airflow versions 2.9.3rc1 and earlier, particularly those with DAG Authors who have extensive permissions, are at significant risk. Shared hosting environments where multiple users have DAG Author roles should be especially vigilant, as a compromised account could impact the entire infrastructure. Environments relying on legacy configurations or custom log template history implementations are also more vulnerable.

• python / airflow:

import airflow
# Check Airflow version
print(airflow.__version__)
# Monitor database logs for suspicious queries related to log template history

• linux / server:

# Check Airflow process for unusual activity
ps aux | grep airflow
# Monitor Airflow logs for errors or suspicious entries
journalctl -u airflow -f

1. 2026-02-24Disclosure

   disclosure

1. आरक्षित2024-12-22
2. प्रकाशित2026-02-24
3. संशोधित2026-03-02
4. EPSS अद्यतन2026-03-23

The primary mitigation for CVE-2024-56373 is to upgrade to Apache Airflow version 2.11.1 or Airflow 3, which includes the necessary fixes. If immediate upgrading is not possible, disabling the log template history functionality can reduce the attack surface. This can be achieved by modifying the Airflow configuration. As a temporary workaround, manual modification of historical log file names can also mitigate the vulnerability. After upgrading, verify the fix by attempting to access historical task information as a DAG Author and confirming that no malicious code is executed. Monitor Airflow logs for any unusual activity or database manipulation attempts.