CVE-2026-45426
CVE-2026-45426 describes an authenticated Airflow worker with a valid Log-server JWT for at least one Dag who can abuse Python str.lstrip() in the JWT sub verification to access logs of other Dags. The left-stripping behavior treats a set of characters as deletable, not a prefix, enabling cross-D...