Skip to main content

Apache CVE-2026-32794

| EUVDEUVD-2026-17219 MEDIUM
Improper Certificate Validation (CWE-295)
2026-03-30 apache
4.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.8 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
EUVD ID Assigned
Mar 30, 2026 - 22:15 euvd
EUVD-2026-17219
Analysis Generated
Mar 30, 2026 - 22:15 vuln.today
Patch released
Mar 30, 2026 - 22:15 nvd
Patch available
CVE Published
Mar 30, 2026 - 21:43 nvd
MEDIUM 4.8

DescriptionCVE.org

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.

This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.

Users are recommended to upgrade to version 1.12.0, which fixes the issue.

AnalysisAI

Improper certificate validation in Apache Airflow Provider for Databricks versions 1.10.0 through 1.11.x allows unauthenticated attackers to intercept and manipulate traffic between Airflow and Databricks backends via man-in-the-middle attacks, potentially exfiltrating credentials and sensitive workflow data. The provider did not validate SSL/TLS certificates when establishing connections to Databricks, creating a critical trust boundary weakness. Vendor-released patch available in version 1.12.0; no public exploit code or active exploitation confirmed at time of analysis.

Technical ContextAI

This vulnerability stems from a certificate validation bypass in the Databricks provider for Apache Airflow, rooted in CWE-295 (Improper Certificate Validation). When establishing HTTPS connections to Databricks backend services, the provider code failed to properly verify the server's SSL/TLS certificate chain, removing a critical cryptographic control. This allows attackers positioned on the network path (whether on local LAN, compromised ISP infrastructure, or cloud network segments) to present a fraudulent certificate and intercept bidirectional traffic. Given that Databricks connections typically carry OAuth tokens, API keys, and workflow execution data, the impact extends beyond traffic interception to credential theft and unauthorized data manipulation. The affected product is Apache Airflow Provider for Databricks (CPE: cpe:2.3:a:apache_software_foundation:apache_airflow_provider_for_databricks:*:*:*:*:*:*:*:*), which serves as a bridge between Airflow orchestration workflows and Databricks compute clusters.

RemediationAI

Vendor-released patch: Apache Airflow Provider for Databricks version 1.12.0 and later. Upgrade the provider package immediately using pip install --upgrade apache-airflow-providers-databricks==1.12.0 or via your Python dependency management system. Verify the upgrade by checking the installed version with pip show apache-airflow-providers-databricks. No workarounds are available short of patching; certificate validation is a fundamental security control that cannot be safely disabled or replaced. The upstream fix is documented in GitHub PR #63704 (https://github.com/apache/airflow/pull/63704) and Apache's official advisory (https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb). After patching, redeploy any stored Databricks credentials in Airflow connection definitions to eliminate exposure from previous unencrypted communications.

Share

CVE-2026-32794 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy