CVE-2026-41017 | Apache Airflow up to 3.2.1 JWTRefreshMiddleware missing secure attribute

A vulnerability, which was classified as problematic, has been found in Apache Airflow up to 3.2.1. This vulnerability affects unknown code of the component JWTRefreshMiddleware. Performing a manipulation results in sensitive cookie without secure attribute.

This vulnerability is reported as CVE-2026-41017. The attack is possible to be carried out remotely. No exploit exists.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More