{
  "claim_outcome": "confirmed",
  "claim_block_reason": null,
  "repro_result": "confirmed",
  "validated_surface": "library_api",
  "evidence_scope": "realistic_harness",
  "claimed_impact_class": "code_execution",
  "observed_impact_class": "code_execution",
  "exploitability_confidence": "high",
  "attacker_controlled_input": "serialized DAG content with an airflow_exc_ser node whose exc_cls_name points to an attacker-controlled module",
  "trigger_path": "airflow.serialization.serialized_objects.BaseSerialization.deserialize()",
  "end_to_end_target_reached": true,
  "sanitizer_used": false,
  "crash_observed": false,
  "read_write_primitive_observed": false,
  "exploit_chain_demonstrated": true,
  "blocking_mitigation": null,
  "inferred": false,
  "variant_type": "bypass",
  "notes": "Apache Airflow 3.3.0 (the patched release for CVE-2026-33264) was confirmed to still import and execute attacker-controlled module code via the unprotected DAT.AIRFLOW_EXC_SER branch in BaseSerialization.deserialize(). The original base_trigger path is blocked on 3.3.0, but the airflow_exc_ser path bypasses the fix."
}
