{"uuid": "f726afa5-65ce-4b64-bdc6-25b05107873e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-33264", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mq2fkleckz23", "content": "CVE-2026-33264: Apache Airflow &lt;3.3.0 has a CRITICAL deserialization bug \u2014 DAG authors could trigger RCE on Scheduler/API Server. Upgrade to 3.3.0+ and restrict deserialization classes now. https://radar.offseq.com/threat/cve-2026-33264-cwe-502-deserialization-of-untruste-8bbc1aa55d6c3415 #OffSeq...", "creation_timestamp": "2026-07-07T10:30:27.679495Z"}