CVE-2026-32794
Received Received - Intake
Improper Certificate Validation in Apache Airflow Databricks Provider Enables MITM

Publication date: 2026-03-30

Last updated on: 2026-04-02

Assigner: Apache Software Foundation

Description
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice. This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0. Users are recommended to upgrade to version 1.12.0, which fixes the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32794
EUVD
EUVD-2026-17219
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
apache airflow_providers_databricks From 1.10.0 (inc) to 1.12.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-295 The product does not validate, or incorrectly validates, a certificate.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in Apache Airflow Provider for Databricks involves improper certificate validation, which can lead to man-in-the-middle attacks where traffic is intercepted, manipulated, or credentials exfiltrated without notice.

Such unauthorized interception and potential credential compromise could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require the protection of sensitive data and secure communication channels.

However, specific impacts on compliance are not detailed in the provided information.

Detection Guidance

This vulnerability is related to improper TLS certificate validation in the Apache Airflow Provider for Databricks versions from 1.10.0 before 1.12.0. Detection involves identifying if your system is running a vulnerable version of this provider.

To detect if the vulnerable version is in use, you can check the installed version of the Apache Airflow Databricks provider package.

  • Run the command: pip show apache-airflow-providers-databricks
  • Or check the version in your environment with: pip list | grep airflow-providers-databricks

If the version is between 1.10.0 and before 1.12.0, your system is vulnerable.

Additionally, since the vulnerability involves unverified TLS connections, network detection could involve monitoring for suspicious man-in-the-middle activity or unexpected certificate warnings during connections to the Databricks backend, but no specific network commands or signatures are provided in the available resources.

Executive Summary

This vulnerability is an Improper Certificate Validation issue in the Apache Airflow Provider for Databricks. The provider's code did not properly validate SSL/TLS certificates when establishing connections to the Databricks back-end.

Because of this, an attacker could perform a man-in-the-middle (MITM) attack, intercepting and potentially manipulating the traffic or stealing credentials without the user's knowledge.

Impact Analysis

This vulnerability can allow an attacker to intercept and manipulate the data transmitted between Apache Airflow and Databricks, potentially leading to unauthorized access to sensitive information.

Credentials could be exfiltrated without notice, which may result in further compromise of systems or data breaches.

Mitigation Strategies

To mitigate this vulnerability, users are recommended to upgrade the Apache Airflow Provider for Databricks to version 1.12.0 or later, as this version fixes the improper certificate validation issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32794. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart