Platform: python
Component: apache-airflow
Fixed in: 1.12.0
CVE-2026-32794 describes an Improper Certificate Validation vulnerability within the Apache Airflow Provider for Databricks. This flaw allows a malicious actor to potentially intercept and manipulate traffic, or exfiltrate credentials without detection. The vulnerability impacts versions of the provider up to and including 1.10.9rc1, and a fix is available in version 1.12.0.
The Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks presents a significant risk of man-in-the-middle (MITM) attacks. An attacker positioned between the Airflow instance and the Databricks backend can intercept and potentially modify network traffic. This could lead to the compromise of sensitive data, including credentials used to authenticate with Databricks. Successful exploitation could allow an attacker to gain unauthorized access to Databricks resources, execute arbitrary code within the Airflow environment, or steal confidential information stored within Databricks. The potential blast radius extends to any data processed or stored within the Databricks environment accessible through the compromised Airflow connection.
CVE-2026-32794 was publicly disclosed on 2026-03-31. Its severity is rated as MEDIUM. There are currently no publicly available proof-of-concept exploits. The vulnerability is not listed on the CISA KEV catalog at the time of writing. Exploitation would likely require a sophisticated attacker with network access and the ability to perform MITM attacks.
EPSS: 0.03% (7th percentile)
The primary mitigation for CVE-2026-32794 is to upgrade the Apache Airflow Provider for Databricks to version 1.12.0 or later. If an immediate upgrade is not feasible, consider implementing network-level controls to restrict access to the Databricks backend. This could involve using a VPN or firewall to ensure that only trusted connections are allowed. Additionally, review and strengthen certificate pinning configurations within the Airflow environment, if applicable. After upgrading, verify the fix by attempting to establish a connection to Databricks and confirming that certificate validation is enforced.
Upgrade the Apache Airflow Provider for Databricks to version 1.12.0 or higher. This version corrects the improper TLS certificate validation, preventing potential man-in-the-middle attacks. The upgrade can be performed via pip or your preferred Python package manager.
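A small check a practitioner can run before and after the upgrade, added here as an example and not code from the advisory or the provider project. It classifies a provider version against the advisory's ranges (affected through 1.10.9rc1, fixed from 1.12.0) and looks up the installed package; the PyPI distribution name `apache-airflow-providers-databricks` is an assumption, since the page does not state it.

```python
"""Version check for CVE-2026-32794 in the Airflow Databricks provider (added example)."""
import re
from importlib import metadata

AFFECTED_MAX = "1.10.9rc1"  # last affected version named in the advisory
FIXED_MIN = "1.12.0"        # first fixed version named in the advisory

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(a|b|rc)(\d+))?$")
_PRE_RANK = {"a": 0, "b": 1, "rc": 2}  # final release ranks above any pre-release


def version_key(version):
    """Sort key for X.Y.Z[{a,b,rc}N] versions; 1.10.9rc1 sorts before 1.10.9."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, patch, tag, num = m.groups()
    rank = 3 if tag is None else _PRE_RANK[tag]
    return (int(major), int(minor), int(patch), rank, int(num or 0))


def classify(version):
    """Return 'affected', 'fixed', or 'unverified' for a provider version.

    'unverified' covers versions above 1.10.9rc1 but below 1.12.0, which the
    advisory does not list as affected or fixed; treat them as needing upgrade.
    """
    key = version_key(version)
    if key <= version_key(AFFECTED_MAX):
        return "affected"
    if key >= version_key(FIXED_MIN):
        return "fixed"
    return "unverified"


def installed_status(dist_name="apache-airflow-providers-databricks"):
    """Classify the installed provider (assumed distribution name); None if absent."""
    try:
        version = metadata.version(dist_name)
    except metadata.PackageNotFoundError:
        return None
    return version, classify(version)


if __name__ == "__main__":
    result = installed_status()
    if result is None:
        print("provider not installed")
    else:
        ver, status = result
        print(f"installed {ver}: {status}")
        if status != "fixed":  # upgrade path the advisory recommends (pip)
            print(f'pip install --upgrade "apache-airflow-providers-databricks>={FIXED_MIN}"')
```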
CVE-2026-32794 is a MEDIUM severity vulnerability in the Apache Airflow Provider for Databricks, allowing potential man-in-the-middle attacks due to improper certificate validation.
You are affected if you are using Apache Airflow Provider for Databricks versions 1.10.0 through 1.10.9rc1.
Upgrade the Apache Airflow Provider for Databricks to version 1.12.0 or later to resolve this vulnerability.
There are currently no reports of active exploitation, but the vulnerability presents a significant risk.
Refer to the Apache Airflow security advisories for the latest information: https://airflow.apache.org/docs/security