Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation

Cybersecurity researchers discovered three vulnerabilities in Microsoft’s Azure Data Factory Apache Airflow integration, including misconfigured Kubernetes RBAC and weak authentication for Azure’s internal Geneva service. These flaws could allow attackers to gain unauthorized access to the entire Airflow cluster, potentially leading to data exfiltration and malware deployment. Microsoft has updated its documentation to address the access policy risk highlighted in the Key Vault privilege escalation scenario.