Apache · Apache Airflow Provider For Databricks · CVE-2026-32794
**Name of the Vulnerable Software and Affected Versions**
Apache Airflow Provider for Databricks versions 1.10.0 through 1.11.9
**Description**
The software does not properly validate certificates when connecting to Databricks, potentially allowing a man-in-the-middle attack where traffic is intercepted, manipulated, or credentials are stolen without the user being notified.
**Recommendations**
Upgrade to version 1.12.0 to resolve the issue.