CVE-2023-22884

CRITICAL LAB

Apache Airflow < 2.5.1 and Apache Airflow MySQL Provider < 4.0.0 - Command Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-22884. PoCs published by jakabakos.

AI-analyzed exploit summary This repository contains a functional exploit PoC for CVE-2023-22884, an SQL injection vulnerability in Apache Airflow that can lead to remote code execution. The exploit leverages the `LOAD DATA LOCAL INFILE` statement in MySQL to execute arbitrary commands on the underlying system.

Description

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.

Exploits (1)

nomisec WORKING POC 9 stars

by jakabakos · poc

https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi

View Code ZIP pw:eip

This repository contains a functional exploit PoC for CVE-2023-22884, an SQL injection vulnerability in Apache Airflow that can lead to remote code execution. The exploit leverages the `LOAD DATA LOCAL INFILE` statement in MySQL to execute arbitrary commands on the underlying system.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Apache Airflow versions prior to 2.5.1

Auth required

Prerequisites: Valid Airflow credentials · MySQL provider configured in Airflow · Access to the Airflow web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Patch, Third Party Advisory patch

https://github.com/apache/airflow/pull/28811

Mailing List, Third Party Advisory vendor-advisory

https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h

Scores

CVSS v3 9.8

EPSS 0.7629

EPSS Percentile 99.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Lab Environment

COMMUNITY

Community Lab

docker pull apache/airflow:2.5.0

https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi

View in Library

Details

CWE

CWE-77

Status published

Products (4)

apache/airflow < 2.5.1

apache/apache-airflow-providers-mysql < 4.0.0

pypi/apache-airflow 0 - 2.5.1PyPI

pypi/apache-airflow-providers-mysql 0 - 4.0.0PyPI

Published Jan 21, 2023

Tracked Since Feb 18, 2026