Skip to main content

Prowler

1 CVEs product

Monthly

CVE-2026-59151 CRITICAL PATCH Act Now

Cross-tenant account takeover in Prowler (cloud security platform) before 5.30.3 lets an authenticated attacker who operates a controlled SAML IdP obtain a tenant-scoped JWT for a victim tenant. The ACS finish logic in api/src/backend/api/v1/views.py derived the destination tenant from the user-asserted email domain rather than binding token issuance to the validated SAML configuration, so an attacker completing a legitimate SAML flow for their own domain while asserting a victim-domain email address receives a SAMLToken and JWT for the wrong tenant. Rated CVSS 9.6 (scope-changing); no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Prowler
NVD GitHub
CVSS 3.1
9.6
EPSS
0.3%
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Cross-tenant account takeover in Prowler (cloud security platform) before 5.30.3 lets an authenticated attacker who operates a controlled SAML IdP obtain a tenant-scoped JWT for a victim tenant. The ACS finish logic in api/src/backend/api/v1/views.py derived the destination tenant from the user-asserted email domain rather than binding token issuance to the validated SAML configuration, so an attacker completing a legitimate SAML flow for their own domain while asserting a victim-domain email address receives a SAMLToken and JWT for the wrong tenant. Rated CVSS 9.6 (scope-changing); no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Prowler
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy