A vulnerability was found in Apache Airflow up to 3.15.0 . It has been classified as problematic . The affected element is the function FTPSHook.get_conn of the component FTP Provider . Performing a manipulation results in cleartext transmission of sensitive information. This vulnerability is reported as CVE-2026-49486 . The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.