Description

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice. This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0. Users are recommended to upgrade to version 1.12.0, which fixes the issue.

INFO

Published Date :

2026-03-30T21:43:38.144Z

Last Modified :

2026-03-31T13:31:19.039Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2026-32794 vulnerability.

Vendors Products
Apache
  • Airflow Provider For Databricks
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-32794.

URL Resource
http://www.openwall.com/lists/oss-security/2026/03/30/9 cve-icon
https://github.com/apache/airflow/pull/63704 cve-icon cve-icon
https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System