Vulnerability Description
In AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and was not verified against the actual instance URL. This made it possible to gain access to different instances, with potentially different access controls, by reusing a SAML response from other instances. If you use AWS Auth Manager, upgrade to version 9.22.0 of the provider.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Airflow Providers Amazon | >= 8.0.0, < 9.22.0 |
Related Weaknesses (CWE)
References
- https://github.com/apache/airflow/pull/61368 (Issue Tracking, Patch)
- https://lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77 (Mailing List)
- http://www.openwall.com/lists/oss-security/2026/03/09/6 (Mailing List, Third Party Advisory)
FAQ
What is CVE-2026-25604?
CVE-2026-25604 is a vulnerability with a CVSS score of 5.4 (MEDIUM). In AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and was not verified against the actual instance URL. This made it possible to gain access to different instances...
How severe is CVE-2026-25604?
CVE-2026-25604 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-25604?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Airflow Providers Amazon.