Airflow Scheduler Flaw Lets Attackers Run Code via CVE-2026-45360

A serious vulnerability has been identified in Apache Airflow, referenced as CVE-2026-45360, which involves a flaw in the scheduler's decoding mechanism for custom serialization tasks. This defect allows untrusted code to be executed without appropriate filtering, posing significant threats particularly in single-host deployments. Immediate action is required: organizations should upgrade to version 3.2.2 or later to mitigate risks. Additionally, network security teams are advised to tighten permissions for DAG authorship to prevent untrusted code execution.