CVE-2026-40861 | Apache Airflow up to 3.2.1 FileTaskHandler symlink

A vulnerability marked as critical has been reported in Apache Airflow up to 3.2.1. Affected is an unknown function of the component FileTaskHandler. The manipulation leads to symlink following.

This vulnerability is listed as CVE-2026-40861. The attack may be initiated remotely. There is no available exploit.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More