CVE-2026-32794: CWE-295 Improper Certificate Validation in Apache Software Foundation Apache Airflow Provider for Databricks
CVE-2026-32794 is an improper certificate validation vulnerability in the Apache Airflow Provider for Databricks versions from 1.10.0 before 1.12.0. The provider did not validate certificates for connections to the Databricks back-end, which could allow a man-in-the-middle attacker to intercept or manipulate traffic or exfiltrate credentials without detection. The issue is fixed in version 1.12.0. The vulnerability has a CVSS score of 4.8.
AI Analysis
Technical Summary
The Apache Airflow Provider for Databricks prior to version 1.12.0 contains a CWE-295 improper certificate validation vulnerability. Specifically, the provider code failed to validate TLS certificates when establishing connections to the Databricks back-end. This flaw could enable an attacker positioned in the network path to perform man-in-the-middle attacks, potentially intercepting or altering data and stealing credentials. The vulnerability affects versions starting from 1.10.0 up to but not including 1.12.0. Users are advised to upgrade to version 1.12.0, which includes the fix for this issue.
Potential Impact
An attacker capable of intercepting network traffic between Apache Airflow Provider for Databricks and the Databricks back-end could exploit this vulnerability to perform man-in-the-middle attacks. This could lead to the interception and manipulation of sensitive data and the exfiltration of credentials without alerting the user. The impact is limited to confidentiality and integrity with no direct availability impact. The CVSS score of 4.8 reflects a medium severity level.
Mitigation Recommendations
Users should upgrade the Apache Airflow Provider for Databricks to version 1.12.0 or later, where this improper certificate validation vulnerability has been fixed. No other mitigation or temporary workaround is indicated. Patch status is confirmed by the vendor advisory recommending the upgrade.
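As an added example (not part of the advisory or the provider's code), the following audits requirement lines against the affected range stated above, 1.10.0 up to but not including 1.12.0. The distribution name `apache-airflow-providers-databricks`, the status labels and the sample lines are assumptions made for illustration.

```python
import re

# Affected range as stated in the advisory: 1.10.0 <= version < 1.12.0.
AFFECTED_MIN, FIXED_IN = (1, 10, 0), (1, 12, 0)
# Assumption: PyPI distribution name of the provider (the advisory does not name it).
PACKAGE = "apache-airflow-providers-databricks"
# Matches only an exact, plain numeric pin: name[extras]==X.Y.Z (optional ;marker).
_PIN = re.compile(
    r"^([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*==\s*(\d+(?:\.\d+)*)\s*(?:;.*)?$")

def normalize(name):
    """PEP 503 normalization so case and '_'/'.' variants still match."""
    return re.sub(r"[-_.]+", "-", name).lower()

def parse_version(text):
    """'1.11' -> (1, 11, 0); tuples compare numerically, so 1.9.0 < 1.10.0."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(line):
    """Return a status for lines naming the provider, None for anything else."""
    stripped = line.split("#", 1)[0].strip()  # drop trailing comments
    m = _PIN.match(stripped)
    if m is None:
        # Ranges, pre-releases, bare names: cannot decide, flag for manual review.
        name = re.match(r"[A-Za-z0-9._-]+", stripped)
        if name and normalize(name.group(0)) == PACKAGE:
            return "review"
        return None
    if normalize(m.group(1)) != PACKAGE:
        return None
    version = parse_version(m.group(2))
    if version >= FIXED_IN:
        return "fixed"
    if version >= AFFECTED_MIN:
        return "affected"
    return "below_range"  # older than the range the advisory lists

def audit(lines):
    """Map 1-based line number -> status for every line naming the provider."""
    return {n: s for n, line in enumerate(lines, 1) if (s := classify(line))}

# Constructed sample requirements file (not taken from the advisory).
SAMPLE = """\
example-package==2.0.0
apache-airflow-providers-databricks==1.10.0
Apache_Airflow.Providers-Databricks[sdk]==1.11.3  # pinned by team A
apache-airflow-providers-databricks==1.9.0
apache-airflow-providers-databricks==1.12.0
apache-airflow-providers-databricks>=1.10
""".splitlines()
```

Calling `audit(SAMPLE)` reports lines 2 and 3 as affected; a `review` result means the line has no exact pin, so the installed version has to be checked directly.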
Technical Details
- Data Version: 5.2
- Assigner Short Name: apache
- Date Reserved: 2026-03-16T10:17:35.548Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69caf451e6bfc5ba1d7409b4
Added to database: 3/30/2026, 10:08:17 PM
Last enriched: 4/7/2026, 10:57:06 AM
Last updated: 5/15/2026, 1:47:40 AM