{"schema_version": "1.6.1", "id": "CVE-2025-62402", "summary": "Airflow 3 API: /api/v2/dagReports executes DAG Python in API", "details": "API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.", "affected": [{"ranges": [{"type": "SEMVER", "events": [{"introduced": "3.0.0"}, {"fixed": "3.1.1"}]}]}], "references": [{"type": "WEB", "url": "https://lists.apache.org/thread/vbzxnxn031wb998hsd7vqnvh4z8nx6rs"}]}