Home / Vulnerability Intelligence / CVE-2026-32794

CVE-2026-32794 - Vulnerability Analysis

N/a

Last Updated: March 31, 2026

Apache Airflow Provider for Databricks - Insecure Certificate Validation

Published: March 30, 2026Updated: March 31, 2026PoC Available

Overview

Apache Airflow Provider for Databricks >= 1.10.0 < 1.12.0 contains an insecure certificate validation vulnerability caused by lack of certificate validation in connections to Databricks back-end, letting attackers perform man-in-the-middle attacks, exploit requires network access to intercept traffic.

Severity & Score

Severity: N/a

Impact

Attackers can intercept and manipulate traffic or exfiltrate credentials via man-in-the-middle attacks.

Mitigation

Upgrade to version 1.12.0.

References

https://github.com/apache/airflow/pull/63704
https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb
http://www.openwall.com/lists/oss-security/2026/03/30/9

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-32794
Severity: N/a
Type: misconfiguration
Status: new

CWE

CWE-295

CVSS Metrics

N/A