← Back to CVEs
CVE-2026-25604
MEDIUM5.4
Description
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
CVE Details
CVSS v3.1 Score5.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published3/9/2026
Last Modified3/10/2026
Sourcenvd
Honeypot Sightings0
Affected Products
apache:airflow_providers_amazon
Weaknesses (CWE)
CWE-346
References
https://github.com/apache/airflow/pull/61368(security@apache.org)
https://lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77(security@apache.org)
http://www.openwall.com/lists/oss-security/2026/03/09/6(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.