Apache AWS Auth Manager SAML Origin Validation Flaw before 9.22.0
CVE-2026-25604 Published on March 9, 2026

Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL.  This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances. You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2026-25604 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Weakness Type

Origin Validation Error

The software does not properly verify that the source of data or communication is valid.


Products Associated with CVE-2026-25604

Want to know whenever a new CVE is published for Apache AirFlow? stack.watch will email you.

Apache AirFlow
 

Affected Versions

Apache Software Foundation Apache Airflow Providers Amazon:

Exploit Probability

EPSS
0.01%
Percentile
2.25%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.