Skip to main content

Airflow Providers Amazon CVE-2026-25604

MEDIUM
Origin Validation Error (CWE-346)
2026-03-09 security@apache.org GHSA-rv5f-ccpm-xjj4
5.4
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Primary rating from Vendor (apache) · only source for this CVE.

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 21:56 vuln.today
Patch released
Mar 10, 2026 - 18:58 nvd
Patch available
CVE Published
Mar 09, 2026 - 11:16 nvd
MEDIUM 5.4

DescriptionCVE.org

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.

You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.

AnalysisAI

AWS Airflow Providers with Auth Manager fail to validate SAML response origins against the actual instance URL, allowing attackers with valid credentials from one instance to authenticate to other instances with potentially different access controls. This cross-instance authentication bypass requires low privileges and network access but does not directly compromise confidentiality or integrity. Users should upgrade to version 9.22.0 or later to remediate this vulnerability.

Technical ContextAI

Classified as CWE-346 (Origin Validation Error). Affects Airflow Providers Amazon. In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.

You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.

RemediationAI

A vendor patch is available — apply it immediately. Update to version 9.22.0 or later. Restrict network access to the affected service where possible.

Share

CVE-2026-25604 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy