CVE-2026-25604

MEDIUM

AWS Auth Manager - Auth Bypass

Title source: llm

Description

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.

Exploits (1)

nomisec WORKING POC

by John-Jung · poc

https://github.com/John-Jung/CVE-2026-25604-PoC

View Code ZIP pw:eip

References (3)

[Issue Tracking] https://github.com/apache/airflow/pull/61368

[Mailing List] https://lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77

[Mailing List] http://www.openwall.com/lists/oss-security/2026/03/09/6

Scores

CVSS v3 5.4

EPSS 0.0002

EPSS Percentile 5.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-346

Status published

Products (2)

apache/airflow_providers_amazon 8.0.0 - 9.22.0

pypi/apache-airflow-providers-amazon 0 - 9.22.0PyPI

Published Mar 09, 2026

Tracked Since Mar 09, 2026