Apache Airflow Provider for Databricks Improper Certificate Validation Vulnerability

Vulnerability

A vulnerability exists in Apache Airflow Provider for Databricks versions from 1.10.0 up to, but not including, 1.12.0, due to improper validation of TLS certificates for connections to the Databricks back-end. This flaw could allow a man-in-the-middle attack, where an attacker intercepts and manipulates traffic or exfiltrates credentials without detection.

Impact

Exploitation of this vulnerability could lead to a man-in-the-middle attack, allowing interception and manipulation of traffic or unauthorized exfiltration of credentials.

Remediation

Users are advised to upgrade to Apache Airflow Provider for Databricks version 1.12.0, which addresses this vulnerability.

Added: Mar 30, 2026, 10:34 PM
Updated: Mar 30, 2026, 10:34 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.9
exploitability: 6.9
remediation: 0.0
relevance: 4.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.