A vulnerability was found in Apache Airflow up to 3.2.1 . It has been declared as problematic . This impacts an unknown function of the component SMTP STARTTLS Connection Handler . Executing a manipulation can lead to improper certificate validation. This vulnerability appears as CVE-2026-49267 . The attack may be performed from remote. There is no available exploit. It is recommended to upgrade the affected component.