{"schema_version": "1.6.1", "id": "CVE-2026-27173", "summary": "JWT Token Exposure in KubernetesExecutor Command-Line Arguments", "details": "JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of Airflow Database for tasks.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "0"}, {"fixed": "10.17.0"}]}]}], "references": [{"type": "WEB", "url": "https://github.com/apache/airflow/pull/60108"}, {"type": "WEB", "url": "https://lists.apache.org/thread/pk3m2z4s2rkmc0v6gh9hnch9spc6stqw"}]}