2 matches found
Improper Certificate Validation
Overview apache-airflow-providers-databricks is a Provider package apache-airflow-providers-databricks for Apache Airflow Affected versions of this package are vulnerable to Improper Certificate Validation due to the lack of certificate validation in the K8s Token Exchange. An attacker can...
CVE-2026-32794 Apache Airflow Provider for Databricks: TLS Certificate Verification Disabled in Databricks Provider K8s Token Exchange
Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...