CVE-2026-30912

Low

Low Medium High Critical

CVSS Score

Published: Apr 18, 2026

Last Modified: Apr 18, 2026

Vulnerability Description

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.

References & Resources

https://github.com/apache/airflow/pull/63028
security@apache.org
https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9
security@apache.org
http://www.openwall.com/lists/oss-security/2026/04/17/5
af854a3a-2127-422b-91ae-364da2661108

Severity Details

out of 10.0

Low

Weakness Type (CWE)

CWE-668

Exposure of Resource to Wrong Sphere

Description: The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Typical Severity: Medium
Abstraction Level: Class

View CWE Details on MITRE

Key Information

Published Date: April 18, 2026

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages