PT-2026-29132 · Apache · Apache Airflow Provider For Databricks
Kai Aizen · Published 2026-03-30 · Updated 2026-03-31
CVE-2026-32794
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apache Airflow Provider for Databricks versions 1.10.0 through 1.11.9
Description
The software does not properly validate certificates when connecting to Databricks, potentially allowing a man-in-the-middle attack where traffic is intercepted, manipulated, or credentials are stolen without the user being notified.
Recommendations
Upgrade to version 1.12.0 to resolve the issue.
Fix
Improper Certificate Validation
Affected Products
Apache Airflow Provider For Databricks