Airflow Providers Amazon

1 CVEs product


CVE-2026-25604 MEDIUM PATCH This Month

AWS Airflow Providers with Auth Manager fail to validate SAML response origins against the actual instance URL, allowing attackers with valid credentials from one instance to authenticate to other instances with potentially different access controls. This cross-instance authentication bypass requires low privileges and network access but does not directly compromise confidentiality or integrity. Users should upgrade to version 9.22.0 or later to remediate this vulnerability.

Aws Airflow Providers Amazon
NVD GitHub VulDB
CVSS 3.1: 5.4
EPSS: 0.0%
