Information disclosure in Apache Software Foundation Airflow CNCF Kubernetes Provider

CVE-2026-27173

JWT tokens used by workers in Kubernetes Executors were exposed to users who had read-only access to Kubernetes Pods. This could allow users with just read-only access to perform actions that were only available to running t…

EPSS: 0.000 (2.4th percentile).

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L.

Frequently asked questions

What is CVE-2026-27173?
CVE-2026-27173 is a high-severity vulnerability in Apache Software Foundation Airflow CNCF Kubernetes Provider, classified under Insertion of Sensitive Information into Externally-Accessible File or Directory. CVSS score: 8.7/10. Published 2026-05-19.
How severe is CVE-2026-27173?
High severity. CVSS v3 base score is 8.7 out of 10.