CVE-2026-32794

MEDIUM

Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-32794. PoCs published by SnailSploit.

AI-analyzed exploit summary This repository provides a detailed technical analysis of CVE-2026-32794, a TLS certificate verification bypass in Apache Airflow Databricks Provider. It includes vulnerable code snippets, root cause analysis, attack chain, and remediation details.

Description

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice. This issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0. Users are recommended to upgrade to version 1.12.0, which fixes the issue.

Exploits (1)

nomisec WRITEUP

by SnailSploit · poc

https://github.com/SnailSploit/CVE-2026-32794

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2026-32794, a TLS certificate verification bypass in Apache Airflow Databricks Provider. It includes vulnerable code snippets, root cause analysis, attack chain, and remediation details.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: apache-airflow-providers-databricks (all versions with K8s token exchange)

No auth needed

Prerequisites: Network access within the Kubernetes cluster · Ability to perform MITM attacks

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Apr 08, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List

http://www.openwall.com/lists/oss-security/2026/03/30/9

Patch patch

https://github.com/apache/airflow/pull/63704

Vendor Advisory vendor-advisory

https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb

Scores

CVSS v3 4.8

EPSS 0.0003

EPSS Percentile 7.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-295

Status published

Products (3)

apache/airflow_providers_databricks 1.10.0 - 1.12.0

Apache Software Foundation/Apache Airflow Provider for Databricks 1.10.0 - 1.12.0

pypi/apache-airflow 1.10.0 - 1.12.0PyPI

Published Mar 30, 2026

Tracked Since Mar 31, 2026