CVE-2026-25604
Analyzed
Analyzed - Analysis Complete
SAML Origin Spoofing in AWS Auth Manager Enables Unauthorized Access
Vulnerability report for CVE-2026-25604, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-03-09
Last updated on: 2026-07-02
Assigner: Apache Software Foundation
Description
Description
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL.Β
This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.
You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | apache-airflow-providers-amazon | From 8.0.0 (inc) to 9.22.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |