A vulnerability identified as problematic has been detected in Apache Airflow up to 3.1.7. An unknown function of the component FastAPI DagVersion Listing API is affected. The manipulation causes incorrect permission assignment. This vulnerability is tracked as CVE-2026-26929. The attack can be carried out remotely. No exploit exists. You should upgrade the affected component.