Information disclosure in Apache Software Foundation Airflow
CVE-2026-25219
The `access_key` and `connection_string` connection properties were not marked as sensitive names in the secrets masker. This means that a user with read permission could see the values in the Connection UI, as well as when a Connection was accidental…
Vulnerability class: Information Disclosure
EPSS: 0.000 (9.7th percentile)
Affected products
- Apache Software Foundation Airflow — versions 0
Weakness classification (CWE)
References
- github.com/apache/airflow/pull/61580 (patch)
- github.com/apache/airflow/pull/61582 (patch)
- lists.apache.org/thread/t4dlmqkn0njz4chk3g7mdgzb96y4ttqh (vendor-advisory)