CVE-2026-40948 | Apache Airflow Keycloak Provider up to 0.6.x OAuth Login cross-site request forgery

A vulnerability was found in Apache Airflow Keycloak Provider up to 0.6.x. It has been rated as problematic. This affects an unknown function of the component OAuth Login. Performing a manipulation results in cross-site request forgery.

This vulnerability was named CVE-2026-40948. The attack may be initiated remotely. There is no available exploit.

Upgrading the affected component is advised.VulDB Recent EntriesRead More