In Apache Cassandra versions 5.0 high severity vulnerability CVE-2026-27314 was detected. This vulnerability allows attackers with CREATE permissions to associate their certificate identity with an arbitrary role, including superuser roles, and authenticate as that role via the ADD IDENTITY command. To address this issue users must upgrade to 5.0.7+ version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-27314.
Read more DatabaseIn Apache Airflow versions 3.0.0 before 3.2.0 medium severity vulnerability CVE-2025-57735 was detected. This vulnerability allows attackers to reuse a JWT token that was not properly invalidated after a user logged out, provided the token was intercepted. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57735.
Read more Data AnalyticsIn Apache Airflow versions prior to 3.2.0 low severity vulnerability CVE-2025-54550 was detected. This vulnerability allows attackers to perform arbitrary execution of code on the worker if a UI user with XCom modification access exploits an unsafe reading pattern based on documentation examples. To address this issue users must upgrade to 3.2.0 version documentation standards and adjust their implementations accordingly. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54550.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 through 3.1.8 high severity vulnerability CVE-2026-34538 was detected. This vulnerability allows attackers with low-privilege access (such as the Viewer role) to bypass authorization and retrieve sensitive XCom result values via the DagRun wait endpoint, which should be restricted under the FAB RBAC model. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-34538.
Read more Data AnalyticsIn Apache Airflow versions 3.1.8 before 3.2.0 low severity vulnerability CVE-2026-33858 was detected. This vulnerability allows attackers (specifically DAG Authors) to execute arbitrary code in the webserver context by crafting malicious XCom payloads that bypass legacy serialization key protections. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-33858.
Read more Data AnalyticsIn Apache Airflow versions 3.0.0 before 3.2.0 medium severity vulnerability CVE-2025-57735 was detected. This vulnerability allows attackers to reuse intercepted JWT tokens because the system failed to invalidate them after a user logged out. To address this issue users must upgrade to 3.2.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-57735.
Read more Data AnalyticsIn Apache Airflow versions prior to 3.2.0 medium severity vulnerability CVE-2025-66236 was detected. This vulnerability allows attackers to view secrets from the Airflow configuration file which were logged in plain text within the DAG run logs UI due to insufficient security model clarity and workload isolation. To address this issue users must upgrade to 3.2.0 version and follow the updated security model guidelines. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-66236.
Read more Data AnalyticsIn LiteLLM versions prior to 1.83.0 high severity vulnerability CVE-2026-35030 was detected. This vulnerability allows attackers to bypass authentication via an OIDC userinfo cache key collision by crafting a token whose first 20 characters match a legitimate user’s cached token. To address this issue users must upgrade to the 1.83.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35030.
Read more Data AnalyticsIn LiteLLM versions prior to 1.83.0 critical severity vulnerability CVE-2026-35029 was detected. This vulnerability allows attackers to use the /config/update endpoint to modify proxy configurations, achieve remote code execution through custom handlers, read arbitrary server files, and take over privileged accounts by overwriting environment variables. To address this issue users must upgrade to the 1.83.0 version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-35029.
Read more Data Analytics