CVE-2026-40963 — The structure_data endpoint in the Airflow UI returned external dependency graph nodes for linked Dags without checking whether the caller had read permission on those linked Dags. An authenticated UI — CVE Database · The Intelligence Room