A vulnerability was found in Apache Airflow up to 3.1.7 . It has been declared as critical . This affects an unknown part of the component Execution API . Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-30911 . The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.