← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-13927 — Actively Exploited: Airflow's Experimental API (Apache)

The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

CVE IDCVE-2020-13927
VendorApache
ProductAirflow's Experimental API
Vulnerability nameApache Airflow's Experimental API Authentication Bypass
Date added2022-01-18
Remediation due2022-07-18
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionThe previous default setting for Airflow's Experimental API was to allow all API requests without authentication.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →