A vulnerability, which was classified as problematic , was found in Apache Airflow up to 3.1.7 . This impacts an unknown function of the component HTTP Request Header Handler . The manipulation results in exposure of resource. This vulnerability is known as CVE-2026-28779 . It is possible to launch the attack remotely. No exploit is available. You should upgrade the affected component.