CVE-2026-40690 - Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
CVE ID :CVE-2026-40690 Published : April 24, 2026, 1:16 p.m. | 1 hour, 1 minute ago Description :The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deploymen
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] West Brom given points deduction for breaching EFL financial rules
- [CYBER] Exploit su LMDeploy CVE-2026-33626: attacco SSRF immediato dopo disclosure
- [CYBER] Exploiting a new vulnerability that targets 'zombie' cells as an anticancer therapy
- [CYBER] UN Says Israeli Strikes in Lebanon, Hezbollah Rockets into Israel May Breach International Law
- [CYBER] Google took 70 days to remove "Music Downloader - VKsaver" after it was publicly disclosed as malware
- [CYBER] 🎸 Noah Kahan hopes to inspire honesty and vulnerability