CVE-2026-49297: Apache Airflow Google provider path traversal via GCS object names
CVE-2026-49297 is verified against apache-airflow-providers-google · pip affected versions: before 22.2.1 (both bugs present in 22.0.0; GCSTimeSpanFileTransformOperator fixed in 22.1.0 via PR #67509; GCSToSFTPOperator fixed in 22.2.0 via PR #67667) fixed version: 22.2.1 vulnerability class: Path Traversal This medium reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00257.
pruva-verify REPRO-2026-00257 curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00257/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator join GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket can create an object whose name contains '..' segments and cause the DAG run to write the downloaded blob outside the configured destination (SFTP destination_path for GCSToSFTPOperator; worker-local temp directory for GCSTimeSpanFileTransformOperator), enabling arbitrary file overwrite on the SFTP server or worker host. Affects deployments that ingest from buckets writable by less-trusted principals. Fixed in apache-airflow-providers-google 22.2.1.
Variant analysis
The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.
Loading session...
Scripts, logs, diffs, and output captured during the reproduction.