Mend.io Vulnerability Database
CVE-2026-32794
March 30, 2026
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to the Databricks back-end, which could result in a man-in-the-middle attack in which traffic is intercepted and manipulated or credentials are exfiltrated without notice. This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0. Users are recommended to upgrade to version 1.12.0, which fixes the issue.
Affected Packages
apache-airflow-providers-databricks (CONDA):
Affected version(s) >=1.0.1 <7.12.0
Fix Suggestion:
Update to version 7.12.0
https://github.com/apache/airflow.git (GITHUB):
Affected version(s) >=providers-databricks/1.0.0 <providers-databricks/7.12.0
Fix Suggestion:
Update to version providers-databricks/7.12.0
apache-airflow-providers-databricks (PYTHON):
Affected version(s) >=1.0.0b1 <7.12.0
Fix Suggestion:
Update to version 7.12.0
CVSS v3
Base Score: 6.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: LOW
Availability: NONE
Weakness Type (CWE): Improper Certificate Validation