{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32794", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2026-03-16T10:17:35.548Z", "datePublished": "2026-03-30T21:43:38.144Z", "dateUpdated": "2026-03-31T13:31:19.039Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://pypi.python.org", "defaultStatus": "unaffected", "packageName": "apache-airflow-providers-databricks", "product": "Apache Airflow Provider for Databricks", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "1.12.0", "status": "affected", "version": "1.10.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Kai Aizen"}, {"lang": "en", "type": "remediation developer", "value": "Marcin Wojtyczka"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.</p><p>This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.</p><p>Users are recommended to upgrade to version 1.12.0, which fixes the issue.</p>"}], "value": "Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.\n\nThis issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.\n\nUsers are recommended to upgrade to version 1.12.0, which fixes the issue."}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-03-30T21:43:38.144Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/apache/airflow/pull/63704"}, {"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb"}], "source": {"discovery": "UNKNOWN"}, "title": "Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/30/9"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-30T23:11:36.468Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T13:31:16.526806Z", "id": "CVE-2026-32794", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T13:31:19.039Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-32794", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T13:31:16.526806Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-03-31T13:30:57.383Z"}}], "cna": {"title": "Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "Kai Aizen"}, {"lang": "en", "type": "remediation developer", "value": "Marcin Wojtyczka"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Airflow Provider for Databricks", "versions": [{"status": "affected", "version": "1.10.0", "lessThan": "1.12.0", "versionType": "semver"}], "packageName": "apache-airflow-providers-databricks", "collectionURL": "https://pypi.python.org", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/apache/airflow/pull/63704", "tags": ["patch"]}, {"url": "https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.\n\nThis issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.\n\nUsers are recommended to upgrade to version 1.12.0, which fixes the issue.", "supportingMedia": [{"type": "text/html", "value": "<p>Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.</p><p>This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.</p><p>Users are recommended to upgrade to version 1.12.0, which fixes the issue.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2026-03-30T21:43:38.144Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32794", "state": "PUBLISHED", "dateUpdated": "2026-03-30T23:11:36.468Z", "dateReserved": "2026-03-16T10:17:35.548Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2026-03-30T21:43:38.144Z", "assignerShortName": "apache"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.\n\nThis issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.\n\nUsers are recommended to upgrade to version 1.12.0, which fixes the issue."}, {"lang": "es", "value": "Vulnerabilidad de Validaci\u00f3n de Certificado Incorrecta en el Proveedor de Apache Airflow para Databricks. El c\u00f3digo del proveedor no validaba los certificados para las conexiones al *back-end* de Databricks, lo que podr\u00eda dar lugar a un ataque de intermediario en el que el tr\u00e1fico es interceptado y manipulado o las credenciales son exfiltradas sin previo aviso.\n\nEste problema afecta al Proveedor de Apache Airflow para Databricks: desde la versi\u00f3n 1.10.0 hasta antes de la 1.12.0.\n\nSe recomienda a los usuarios actualizar a la versi\u00f3n 1.12.0, que corrige el problema."}], "id": "CVE-2026-32794", "lastModified": "2026-03-31T14:16:11.510", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 2.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-30T22:16:18.760", "references": [{"source": "security@apache.org", "url": "https://github.com/apache/airflow/pull/63704"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/03/30/9"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "security@apache.org", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[1.10.0,1.12.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}]}, "product": "airflow_provider_for_databricks", "vendor": "apache"}], "analysis": {"en": {"generated_at": "2026-03-31T16:06:10.831116+00:00", "value": {"mitigation_remediation": ["Upgrade Apache Airflow Provider for Databricks to version 1.12.0 or later"], "summary": {"action": "Patch Immediately", "impact": "Man\u2011in\u2011the\u2011middle attack with credential exposure"}, "threat_synthesis": {"affected_systems": "Vulnerable versions of the provider run from 1.10.0 up to, but not including, 1.12.0. Any deployment using those releases is affected; upgrading to 1.12.0 or later resolves the flaw.", "description_and_impact": "An oversight in the Apache Airflow Provider for Databricks caused the provider to skip TLS certificate validation when connecting to Databricks services. This omission creates a CWE\u2011295 weakness that allows an attacker to tamper with data or leak credentials without the user\u2019s awareness.", "risk_and_exploitability": "The CVSS score is 4.8, indicating moderate severity, while the EPSS score is under 1%, suggesting a low likelihood of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector, inferred from the fact that certificate validation is omitted, is an attacker positioned between Airflow and Databricks\u2014such as a malicious actor on an untrusted network\u2014who could present a forged certificate and intercept traffic. This inference is drawn from the description and is not explicitly stated in the advisory."}}}}, "created": "2026-03-31T19:57:08.867830+00:00", "updated": "2026-03-31T20:39:53.379196+00:00", "vendors": ["apache", "apache$PRODUCT$airflow_provider_for_databricks"]}