snailsploit[$]
CVE Disclosure · Apache Foundation

CVE-2026-32794

Apache Airflow (Databricks provider)

TLS verification bypass

CVSS4.8
SeverityMedium
ClassTLS verification bypass
TrackApache Foundation

Summary

CVE-2026-32794 is a medium-severity vulnerability (CVSS 4.8) affecting Apache Airflow (Databricks provider). The issue is classified as TLS verification bypass, part of the Apache Foundation disclosure track on this site.

References

Authoritative sources and PoC material:

NVDMITREPoC repoVendor

Disclosure

Reporter
Kai Aizen (snailsploit)
Coordination
Vendor + MITRE/NVD
Status
Disclosed · CVE assigned · entry public on NVD
Track
Apache Foundation

About this writeup

Detailed exploitation analysis, root-cause walkthrough, and remediation guidance for this finding live in the PoC repository. For broader methodology see services and research.

disclosure contextall 23 cves →
all disclosures
CVE Ledger →
23 published CVEs across container, web, OSS, kernel
advisories
GHSA disclosures →
coordinated security advisories
engage
Pen Testing →
same methodology, your stack
Author
Kai Aizen
Independent offensive security researcher. 23 published CVEs, 5 Linux kernel mainline patches, creator of AATMF / P.R.O.M.P.T / SEF, author of Adversarial Minds.
aboutservicesgithubxlinkedinresearchgate