{"uuid": "40625e39-10fd-4ea9-862c-e87809332be5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116878227880912732", "content": "CVE-2026-33264: Apache Airflow &lt;3.3.0 has a CRITICAL deserialization flaw. DAG authors can trigger remote code execution on Scheduler/API Server. Upgrade to 3.3.0+ and restrict allowed_deserialization_classes. Details: https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq #Airflow #Infosec #CVE202633264", "creation_timestamp": "2026-07-07T10:30:26.100516Z"}