CVE-2026-25219 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission c…
Unknown CVSS: -

CVE-2026-25219

The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure Service Bus used those properties to store sensitive values. Possibly other providers could be also affected if they used the same fields to store sensitive data.

If you used Azure Service Bus connection with those values set or if you have other connections with those values storing sensitve values, you should upgrade Airflow to 3.1.8
Vendor
-
Product
-
CWE
CWE-200
Yayın Tarihi
2026-04-15 13:16:24
Güncelleme
2026-04-15 18:16:42
Source Identifier
security@apache.org
KEV Date Added
-

Kategoriler

CWE-200 2026

Referanslar

https://github.com/apache/airflow/pull/61580 https://github.com/apache/airflow/pull/61582 https://lists.apache.org/thread/t4dlmqkn0njz4chk3g7mdgzb96y4ttqh http://www.openwall.com/lists/oss-security/2026/04/15/3