CVE-2020-13927
Apache Airflow's Experimental API Authentication Bypass
CVSS
—
No CVSS
EPSS
99.7%
p100
KEV
YES
Jan 18, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
99.7%EPSS · 30 days99.8%
2026-06-302026-07-16
Product
Apache / Airflow's Experimental API
Vulnerability
Apache Airflow's Experimental API Authentication Bypass
Added to KEV
Jan 18, 2022
Remediate by
Jul 18, 2022
Known ransomware use
No
Summary description
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-13927
No related CVEs by CWE or product.