Wiz and Databricks: Adding Databricks to the Wiz Security Graph

Extending Wiz Visibility with the Databricks Data & AI Platform...

GHSA-GJVH-7JH8-7XHM vulnerabilities

Vulnerabilities for packages: opentofu-fips, nri-redis, php-fpmexporter, git-sync, rabbitmq-default-user-credential-updater, vertical-pod-autoscaler-fips, gatekeeper-fips, kubelet-csr-approver-fips, opentelemetry-collector, newrelic-infrastructure-agent, yace, agentbeat,...

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: opentofu-fips, nri-redis, php-fpmexporter, git-sync, rabbitmq-default-user-credential-updater, vertical-pod-autoscaler-fips, gatekeeper-fips, kubelet-csr-approver-fips, newrelic-infrastructure-agent, yace, agentbeat, kubernetes-dashboard-metrics-scraper,...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2026-33865 via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2026-33865 Source advisory: SNYK:PYTHON-MLFLOW-15923609...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2026-33866 via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2026-33866 Source advisory: SNYK:PYTHON-MLFLOW-15923601...

azure-ai-generative (>=1.0.0b1 <=1.0.0b3), azure-ai-resources (>=1.0.0b1 <=1.0.0b9) +30 more potentially affected by CVE-2026-33866 via mlflow-skinny (>=3.0.0 <=3.11.0rc0)

mlflow-skinny PYPI version =3.0.0, =1.0.0b1, =1.0.0b1, =0.1.0, =0.1.0, =2.5.0, =0.0.13, =7.1.1, =0.2.0, =0.2.1 and more Source cves: CVE-2026-33866 Source advisory: SNYK:PYTHON-MLFLOWSKINNY-15923600...

CVE-2026-33107

Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +3 more potentially affected by CVE-2026-0545 via mlflow (>=3.0.0rc2 <=3.0.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =0.2.0.dev0, =0.6.7, =0.8.1 Source cves: CVE-2026-0545 Source advisory: SNYK:PYTHON-MLFLOW-15922301...

EUVD-2026-18564

Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-33107

Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-33107

Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...

CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability

...

CVE-2026-33107 Azure Databricks Elevation of Privilege Vulnerability

...

CVE-2026-33107

Azure Databricks is affected by a server-side request forgery (SSRF) that, per the sources, allows an unauthorized attacker to elevate privileges over a network. The CVSS 3.1 base score is 10.0 (CRITICAL) with network access, low attack complexity, and no user interaction required; confidentialit...

Azure Databricks Elevation of Privilege Vulnerability

Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network...

PT-2026-29907

Name of the Vulnerable Software and Affected Versions Azure Databricks affected versions not specified Description Server-side request forgery ssrf in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information abou...

KLA90966 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Azure MCP Server can...

Microsoft Azure Databricks 代码问题漏洞

Microsoft Azure Databricks is an open analysis platform provided by the American company Microsoft. There is a code vulnerability in Microsoft Azure Databricks, which stems from server-side request forgery. This vulnerability could allow unauthorized attackers to gain elevated privileges through...

CVE-2026-32794

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...

Security Bulletin: IBM App Connect Enterprise Certified Container flows that use the Box or Databricks connectors are vulnerable to loss of confidentiality (CVE-2026-27699)

Summary Node.js module basic-ftp is used by IBM App Connect Enterprise Certified Container in the connectors for Box and Databricks. IBM App Connect Enterprise Certified Container IntergationRuntime and IntegrationServer operands that run flows containing Box or Databricks connectors are vulnerab...