PT-2026-29132 · Apache · Apache Airflow Provider For Databricks

Kai Aizen +1 · Published 2026-03-30 · Updated 2026-03-31 · CVE-2026-32794

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Apache Airflow Provider for Databricks versions 1.10.0 through 1.11.9

Description

The software does not properly validate certificates when connecting to Databricks, potentially allowing a man-in-the-middle attack where traffic is intercepted, manipulated, or credentials are stolen without the user being notified.

Recommendations

Upgrade to version 1.12.0 to resolve the issue.

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2026-32794
GHSA-WRPJ-755P-X363

Affected Products

Apache Airflow Provider For Databricks