VDB
KO
HIGH 8.8

PYSEC-2026-773

Remote code execution in Apache Airflow Docker's Provider

Details

Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / apache-airflow-providers-docker
Introduced in: 0 Fixed in: 3.0.0
Fix pip install --upgrade 'apache-airflow-providers-docker>=3.0.0'

References