A vulnerability marked as critical has been reported in Apache Airflow up to 3.2.1 . Affected is an unknown function of the component FileTaskHandler . The manipulation leads to symlink following. This vulnerability is listed as CVE-2026-40861 . The attack may be initiated remotely. There is no available exploit. It is suggested to upgrade the affected component.