
Apache Airflow Vulnerabilities Enable Exposure of Sensitive Data


Marcus Rodriguez
January 20, 2026

Multiple vulnerabilities in Apache Airflow versions preceding 3.1.6 can expose sensitive authentication credentials and secrets within logs and user interfaces.

Both issues stem from inadequate masking of sensitive data during rendering and logging operations, potentially compromising proxy credentials and database secrets in production environments.

Proxy Credentials Leak in Task Logs

The first vulnerability, CVE-2025-68675, affects all versions of Apache Airflow before 3.1.6. The flaw resides in how Airflow handles proxy configurations within Connection objects.

Proxy URLs often contain embedded authentication credentials in the format http://username:password@proxy-host:port.

However, the proxies and proxy fields were not marked as sensitive, preventing Airflow’s automatic log masking from obfuscating these credentials when connections are rendered or logged during task execution.

This creates a significant exposure vector because task logs are frequently accessed by multiple team members, stored in centralized logging systems, and archived for compliance purposes.

| CVE ID | Affected Versions | Severity | Exposure Method |
|---|---|---|---|
| CVE-2025-68675 | <3.1.6 | Low | Task logs |
| CVE-2025-68438 | 3.1.0-3.1.6 | Low | Rendered Templates UI |

An attacker or unauthorized user with read access to logs could extract proxy credentials and leverage them to intercept or redirect network traffic from affected workflows.

Organizations running tasks that utilize proxy-authenticated connections face a heightened risk of credential compromise.
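To check whether proxy credentials of the form described above have already reached stored task logs, the following added example (not code from Apache Airflow or from the original article) scans log lines for URLs with embedded userinfo and redacts them. The sample log lines, host names and credentials are constructed for illustration.

```python
import re

# URL with embedded userinfo: scheme://user:password@host[:port]
CRED_URL = re.compile(
    r"(?P<scheme>\b[a-z][a-z0-9+.\-]*://)"
    r"(?P<user>[^\s:/@'\"]+):(?P<password>[^\s/@'\"]+)@"
    r"(?P<host>[^\s/'\",}]+)",
    re.IGNORECASE,
)

# Constructed sample task-log lines (hosts and credentials are made up).
SAMPLE_LOG = [
    "[2026-01-15T10:00:01] INFO - Using connection ID 'http_default' for task execution.",
    "[2026-01-15T10:00:01] INFO - Connection extra: {'proxies': {'https': "
    "'http://svc_etl:S3cr3t!pw@proxy.example.internal:3128'}}",
    "[2026-01-15T10:00:02] INFO - GET https://api.example.com/v1/items?page=1 200",
    "[2026-01-15T10:00:03] INFO - proxy=http://proxy.example.internal:3128 (no credentials)",
]


def audit(lines):
    """Return (line_number, user, host) per credential-bearing URL; never the password."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for match in CRED_URL.finditer(line):
            findings.append((number, match["user"], match["host"]))
    return findings


def redact_line(line):
    """Replace the userinfo of every matching URL with a fixed placeholder."""
    return CRED_URL.sub(lambda m: f"{m['scheme']}***:***@{m['host']}", line)


if __name__ == "__main__":
    for number, user, host in audit(SAMPLE_LOG):
        print(f"line {number}: credentials for user {user!r} at {host}")
    print(redact_line(SAMPLE_LOG[1]))
```

Any credential the audit reports should be rotated, since redacting the log does not undo earlier reads of it.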

Secrets Exposure in UI

CVE-2025-68438 introduces a different but equally problematic exposure path.

When rendered template fields exceed the configured [core] max_templated_field_length threshold, the serialization process uses a secrets masker instance that lacks user-registered mask_secret() patterns.

This means that custom-registered secret patterns are not applied before field truncation, so the values they should mask are displayed in the Rendered Templates UI.

Consequently, sensitive values stored in templated fields, such as API keys, database passwords, or encrypted tokens, may appear in cleartext in the web interface.

The truncation operation occurs after serialization but before masking completion, exposing portions of secrets to any user with access to the Airflow web UI.
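The ordering problem can be shown with a simplified model. This is an added example, not Airflow's implementation: the SecretsMasker class, the render_* functions, the 40-character limit standing in for max_templated_field_length, and the secret value are all constructed for illustration.

```python
class SecretsMasker:
    """Toy masker: replaces each registered secret with ***."""

    def __init__(self):
        self.secrets = set()

    def add_mask(self, secret):
        self.secrets.add(secret)

    def redact(self, text):
        for secret in sorted(self.secrets, key=len, reverse=True):
            text = text.replace(secret, "***")
        return text


MAX_LEN = 40                      # stand-in for [core] max_templated_field_length
SECRET = "tok_9f8e7d6c5b4a"       # constructed secret
shared = SecretsMasker()          # instance that holds user-registered patterns
shared.add_mask(SECRET)

# Constructed templated-field values: secret near the start, and secret
# straddling the truncation boundary.
EARLY = f"password={SECRET} host=db.example.internal port=5432"
LATE = f"curl -H 'Authorization: Bearer {SECRET}' https://api.example.com/run"


def truncate(text, limit=MAX_LEN):
    return text if len(text) <= limit else text[:limit] + "..."


def render_fresh_masker(value):
    """Flaw 1: over-length fields are redacted by a masker with no user patterns."""
    masker = SecretsMasker() if len(value) > MAX_LEN else shared
    return truncate(masker.redact(value))


def render_truncate_first(value):
    """Flaw 2: truncating first can split a secret so the pattern no longer matches."""
    return shared.redact(truncate(value))


def render_fixed(value):
    """Mask with the shared instance first, then truncate the masked text."""
    return truncate(shared.redact(value))


if __name__ == "__main__":
    for render in (render_fresh_masker, render_truncate_first, render_fixed):
        print(f"{render.__name__:22} {render(EARLY)!r} | {render(LATE)!r}")
```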

Both vulnerabilities require authentication to the Airflow environment, so they matter chiefly as insider-threat and lateral-movement risks.

Organizations with strict log retention policies face extended exposure windows, as leaked credentials may remain accessible in archived logs indefinitely.

Apache Airflow 3.1.6 addresses both issues by properly designating proxy fields as sensitive and ensuring user-registered mask patterns apply before template truncation.

All affected users should upgrade immediately. For environments unable to upgrade promptly, implementing restrictive access controls on log systems and the Airflow web UI provides temporary mitigation.
