CVE-2026-48891
A vulnerability in Apache Airflow affects the UI at /ui/dependencies where the scheduling graph endpoint applies the caller’s readable-Dag filter to the top-level Dag key but still exposes Dag IDs in dep.source and dep.target for trigger/sensor entries. An authenticated UI user with read access t...