A vulnerability labeled as critical has been found in Apache Airflow up to 3.2.1 . Affected by this issue is the function revoke_token of the component FabAuthManager/KeycloakAuthManager . The manipulation results in improper access controls. This vulnerability is identified as CVE-2026-48726 . The attack can be executed remotely. There is not any exploit available. The affected component should be upgraded.