A vulnerability, which was classified as problematic, has been found in Apache Airflow up to 3.2.x. Affected by this vulnerability is an unknown functionality of the component REST API. Performing a manipulation results in information disclosure.

This vulnerability is cataloged as CVE-2026-49487. It is possible to initiate the attack remotely. There is no exploit available.