CVE-2026-49297
The CVE-2026-49297 issue affects Apache Airflow's Google provider, specifically GCSToSFTPOperator and GCSTimeSpanFileTransformOperator. The bug stems from joining GCS object names returned by the bucket listing API directly to a destination filesystem path without normalization or containment che...