Path Traversal Vulnerability in Apache Airflow Samba Provider
CVE-2026-49818
6.5MEDIUM
What is CVE-2026-49818?
The Apache Airflow Samba provider contains a vulnerability in the GCSToSambaOperator that permits path traversal. Specifically, the operator improperly joins Google Cloud Storage (GCS) object names to the SMB destination path without validating the containment of these paths. This oversight allows an attacker with write access to the GCS bucket to leverage specially crafted object names containing ../ segments, potentially leading to arbitrary file writes on the Samba target. It is crucial to upgrade to version 4.12.6 or later of the apache-airflow-providers-samba to ensure that the resolved destination paths remain within the intended destination_path.
Affected Version(s)
Apache Airflow Samba provider 0 < 4.12.6