Vulnerability Details CVE-2026-32794
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.
This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.
Users are recommended to upgrade to version 1.12.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 0.3%
CVSS Severity
CVSS v3 Score 4.8
References
Products affected by CVE-2026-32794
-
cpe:2.3:a:apache:airflow_providers_databricks:*