PT-2026-45374 · Apache · Apache Airflow

Jarek Potiuk · Published 2026-06-01 · Updated 2026-06-01 · CVE-2026-45360

CVSS v3.1: 7.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 3.2.2

Description: The scheduler-side deadline-reference decoder (SerializedCustomReference.deserialize_reference) imports and dispatches arbitrary class paths from serialized state controlled by a DAG author, without an allowlist or plugin-registry gate. In deployments where DAG-author code is less trusted than the scheduler process, such as single-host deployments where the DAG bundle is importable from the scheduler process, an attacker could embed a custom DeadlineReference that names a module path they control, causing the scheduler to execute import_string(...) and instantiate that class with an active SQLAlchemy session attached.

Recommendations: Upgrade to version 3.2.2 or later.
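As an added illustration (not Airflow's code and not the project's actual fix), the pattern the description refers to: a decoder that imports whatever dotted path the serialized state names, next to a registry-gated version that refuses unregistered paths before any import happens. All class and function names below are constructed for the example.

```python
import importlib
from dataclasses import dataclass
from typing import Any

# Constructed stand-in for a deadline-reference class; not Airflow's own type.
@dataclass
class FixedDeadline:
    seconds: int = 0

# Vulnerable shape of the decoder described in the advisory (constructed, not
# Airflow's code): the dotted path comes straight from DAG-author-controlled
# serialized state, so the author chooses which module the scheduler imports.
def deserialize_reference_unsafe(payload: dict) -> Any:
    module_name, _, class_name = payload["path"].rpartition(".")
    cls = getattr(importlib.import_module(module_name), class_name)
    return cls(**payload.get("kwargs", {}))

# Hardened shape: a registry populated at startup is the only source of
# constructible classes. The serialized path is a lookup key, not an import.
REFERENCE_REGISTRY: dict[str, type] = {}

def register_reference(cls: type) -> type:
    REFERENCE_REGISTRY[f"{cls.__module__}.{cls.__qualname__}"] = cls
    return cls

register_reference(FixedDeadline)

def deserialize_reference_safe(payload: dict) -> Any:
    path = payload.get("path")
    cls = REFERENCE_REGISTRY.get(path)
    if cls is None:
        # Refuse before touching importlib; unknown paths are never imported.
        raise ValueError(f"deadline reference {path!r} is not registered")
    return cls(**payload.get("kwargs", {}))

if __name__ == "__main__":
    good = {"path": f"{FixedDeadline.__module__}.FixedDeadline", "kwargs": {"seconds": 30}}
    print(deserialize_reference_safe(good))
    try:
        deserialize_reference_safe({"path": "json.JSONDecoder"})
    except ValueError as exc:
        print("rejected:", exc)
```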

Weakness Enumeration

Deserialization of Untrusted Data

Related Identifiers

CVE-2026-45360

Affected Products

Apache Airflow