CVE-2026-42252 | Apache Airflow up to 3.2.1 BashOperator dag_run.conf special elements used in a template engine

A vulnerability has been found in Apache Airflow up to 3.2.1 and classified as critical. Impacted is an unknown function of the file dag_run.conf of the component BashOperator. The manipulation leads to improper neutralization of special elements used in a template engine.

This vulnerability is traded as CVE-2026-42252. It is possible to initiate the attack remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More