Home

Description

A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write permission on a Dag to set XCom entries under reserved key names (e.g. `return_value`) that the matching POST endpoint already validated against `FORBIDDEN_XCOM_KEYS`. The endpoint also accepted serialized payload shapes the triggerer's deserializer treats as code; combined, this allowed RCE on the triggerer when the affected task next deferred. Affects deployments where untrusted users have XCom write permission on Dags that defer to the triggerer. This is a fix-bypass of CVE-2026-33858: PR #64148 added the `FORBIDDEN_XCOM_KEYS` validator only on the POST/set path; the PATCH path was not covered. Users who already upgraded for CVE-2026-33858 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the PATCH-path bypass.

PUBLISHED Reserved 2026-04-26 | Published 2026-06-01 | Updated 2026-06-02 | Assigner apache

Problem types

CWE-502: Deserialization of Untrusted Data

Product status

Default status
unaffected

3.2.0 (semver) before 3.2.2
affected

Credits

Jeff Vier (@boinger) finder

Anisto Mejin (Izat) finder

Venkatraman Kumar (r3dw0lfsec), Securin finder

Jarek Potiuk remediation developer

References

github.com/apache/airflow/pull/65915 patch

lists.apache.org/thread/g8dqykpf1p90tysq8tln4qtkqwb1038s vendor-advisory

www.cve.org/CVERecord?id=CVE-2026-33858 related

cve.org (CVE-2026-42359)

nvd.nist.gov (CVE-2026-42359)

Download JSON