CVE-2026-32794
Improper Certificate Validation in Apache Airflow Databricks Provider Enables MITM
Publication date: 2026-03-30
Last updated on: 2026-04-02
Assigner: Apache Software Foundation
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | airflow_providers_databricks | From 1.10.0 (inc) to 1.12.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-295 | The product does not validate, or incorrectly validates, a certificate. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Certificate Validation issue in the Apache Airflow Provider for Databricks. The provider's code did not properly validate SSL/TLS certificates when establishing connections to the Databricks back-end.
Because of this, an attacker could perform a man-in-the-middle (MITM) attack, intercepting and potentially manipulating the traffic or stealing credentials without the user's knowledge.
How can this vulnerability impact me? :
This vulnerability can allow an attacker to intercept and manipulate the data transmitted between Apache Airflow and Databricks, potentially leading to unauthorized access to sensitive information.
Credentials could be exfiltrated without notice, which may result in further compromise of systems or data breaches.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, users are recommended to upgrade the Apache Airflow Provider for Databricks to version 1.12.0 or later, as this version fixes the improper certificate validation issue.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in Apache Airflow Provider for Databricks involves improper certificate validation, which can lead to man-in-the-middle attacks where traffic is intercepted, manipulated, or credentials exfiltrated without notice.
Such unauthorized interception and potential credential compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require the protection of sensitive data and secure communication channels.
However, specific impacts on compliance are not detailed in the provided information.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is related to improper TLS certificate validation in the Apache Airflow Provider for Databricks versions from 1.10.0 before 1.12.0. Detection involves identifying if your system is running a vulnerable version of this provider.
To detect if the vulnerable version is in use, you can check the installed version of the Apache Airflow Databricks provider package.
- Run the command: pip show apache-airflow-providers-databricks
- Or check the version in your environment with: pip list | grep airflow-providers-databricks
If the version is between 1.10.0 and before 1.12.0, your system is vulnerable.
Additionally, since the vulnerability involves unverified TLS connections, network detection could involve monitoring for suspicious man-in-the-middle activity or unexpected certificate warnings during connections to the Databricks backend, but no specific network commands or signatures are provided in the available resources.