Airflow Providers Amazon
CVE-2026-25604
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Primary rating from Vendor (apache) · only source for this CVE.
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Lifecycle Timeline
3DescriptionCVE.org
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.
You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
AnalysisAI
AWS Airflow Providers with Auth Manager fail to validate SAML response origins against the actual instance URL, allowing attackers with valid credentials from one instance to authenticate to other instances with potentially different access controls. This cross-instance authentication bypass requires low privileges and network access but does not directly compromise confidentiality or integrity. Users should upgrade to version 9.22.0 or later to remediate this vulnerability.
Technical ContextAI
Classified as CWE-346 (Origin Validation Error). Affects Airflow Providers Amazon. In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.
You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
RemediationAI
A vendor patch is available — apply it immediately. Update to version 9.22.0 or later. Restrict network access to the affected service where possible.
Same weakness CWE-346 – Origin Validation Error
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-rv5f-ccpm-xjj4