Apache Apache-airflow-providers-cncf-kubernetes — known CVE vulnerabilities
Every CVE whose affected-product data names Apache Apache-airflow-providers-cncf-kubernetes, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2026-27173 — CVSS 8.7 (high): JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This…
CVE-2023-33234 — CVSS 7.2 (high): Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources…
CVE-2023-51702 — CVSS 6.5 (medium): Since version 5.2.0, when using deferrable mode with the path of a Kubernetes configuration file for authentication, the Airflow worker…