Ghostwire
Home / Vulnerabilities / CVE-2026-32228

CVE-2026-32228: UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate...

UNKNOWN CVSS 0.0

Published: April 18, 2026 | Last Modified: April 18, 2026

Description

UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

CVE Feed
CVE-2026-32228 - Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to

References