Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass
Description
In AWS Auth Manager, the origin of the SAML authentication was taken as provided by the client and not verified against the actual instance URL. This allowed an attacker to gain access to different instances, potentially with different access controls, by reusing a SAML response from another instance.
You should upgrade to version 9.22.0 of the provider if you use AWS Auth Manager.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Apache Airflow AWS Auth Manager fails to verify SAML origin against instance URL, allowing cross-instance access reuse.
Vulnerability
Overview
In the AWS Auth Manager component of Apache Airflow, the origin of SAML authentication responses is taken from the client-provided value and not validated against the actual instance URL. This means an attacker can present a SAML response originally issued for a different Airflow instance, and the system will accept it [1][2][3].
Exploitation
Method
An attacker who obtains a valid SAML response from one Airflow instance (for example, through passive interception or by being a legitimate user of that other instance) can reuse that response against a separate Airflow instance that uses the same AWS Auth Manager. Because the origin check is missing, the second instance will accept the external SAML assertion as if it were issued for itself [2][3]. No additional authentication on the target instance is required beyond presenting the reused SAML response.
Impact
Successful exploitation allows the attacker to gain authenticated access to a different Airflow instance with whatever privileges are associated with the original SAML assertion. Since different instances can have different access controls and user roles, this bypass may grant unauthorized access to workflows, DAGs, credentials, or data on the target instance [2][3]. The vulnerability is classified as medium severity.
Mitigation
The issue is fixed in version 9.22.0 of the apache-airflow-providers-amazon package. Users of the AWS Auth Manager are strongly advised to upgrade immediately [1][2][3]. The fix was introduced via pull request #61368 and validates the SAML origin against the expected instance URL [4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
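To make the mechanism concrete, here is an added Python model (not code from the Airflow project) of the request dict handed to the SAML library, with the Host-header-derived form beside the configuration-derived form, and a simplified Destination check. It assumes the library compares an assertion's Destination with an ACS URL built from the dict's `https` and `http_host` fields plus a fixed path, uses a made-up callback path, and keeps the port from `base_url` (the page's patch uses `parsed.hostname` alone).

```python
# Added model, not Airflow code: how the request dict handed to the SAML library
# is built before and after the fix, and why the Host header mattered.
from typing import Any
from urllib.parse import urlparse

ACS_PATH = "/auth/login_callback"  # assumed callback path, not taken from the page


def prepare_request_vulnerable(headers: dict[str, str], scheme: str) -> dict[str, Any]:
    """Pre-fix pattern: http_host comes from the client-controllable Host header."""
    host = headers.get("host", "localhost")
    return {"https": "on" if scheme == "https" else "off", "http_host": host}


def prepare_request_fixed(base_url: str, scheme: str) -> dict[str, Any]:
    """Post-fix pattern: http_host comes from the operator-configured base URL."""
    parsed = urlparse(base_url)
    if not parsed.scheme or not parsed.hostname:
        # urlparse("airflow.example.com") has no hostname: fail closed instead of
        # letting http_host silently become None.
        raise ValueError(f"base_url needs a scheme and host: {base_url!r}")
    host = parsed.hostname if parsed.port is None else f"{parsed.hostname}:{parsed.port}"
    return {"https": "on" if scheme == "https" else "off", "http_host": host}


def acs_url(request_data: dict[str, Any]) -> str:
    """Simplified: the ACS URL the SAML library derives from the request dict."""
    proto = "https" if request_data["https"] == "on" else "http"
    return f"{proto}://{request_data['http_host']}{ACS_PATH}"


def destination_accepted(saml_destination: str, request_data: dict[str, Any]) -> bool:
    """The assertion's Destination must equal this instance's own ACS URL."""
    return saml_destination == acs_url(request_data)


# Constructed scenario: a response issued for instance A is replayed at
# instance B with the Host header set to A's name.
DEST_A = f"https://airflow-a.example.com{ACS_PATH}"
REPLAY_HEADERS = {"host": "airflow-a.example.com"}
B_BASE_URL = "https://airflow-b.example.com"


def replay_accepted_vulnerable() -> bool:
    return destination_accepted(DEST_A, prepare_request_vulnerable(REPLAY_HEADERS, "https"))


def replay_accepted_fixed() -> bool:
    return destination_accepted(DEST_A, prepare_request_fixed(B_BASE_URL, "https"))
```

With the Host header trusted, instance B computes A's ACS URL and the replayed Destination matches; with the configured base URL the check fails and the assertion is rejected.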
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-airflow-providers-amazon (PyPI) | < 9.22.0 | 9.22.0 |
Affected products
- Range: <9.22.0
- Apache Software Foundation / Apache Airflow Providers Amazon, Range: 8.0.0
Patches
- 1a86aec01d82 Fix `host` in AWS auth manager (#61368)
1 file changed · +4 −1
providers/amazon/src/airflow/providers/amazon/aws/auth_manager/routes/login.py+4 −1 modified@@ -19,6 +19,7 @@ import logging from typing import Any +from urllib.parse import urlparse import anyio from fastapi import HTTPException, Request, status @@ -133,7 +134,9 @@ def _init_saml_auth(request: Request) -> OneLogin_Saml2_Auth: def _prepare_request(request: Request) -> dict: - host = request.headers.get("host", request.client.host if request.client else "localhost") + parsed = urlparse(conf.get("api", "base_url", fallback="http://localhost")) + host = parsed.hostname + data: dict[str, Any] = { "https": "on" if request.url.scheme == "https" else "off", "http_host": host,
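Review bot: In the `_prepare_request` hunk, `parsed.hostname` is `None` when `[api] base_url` is configured without a scheme (`urlparse("airflow.example.com").hostname` is `None`), so `http_host` silently becomes `None` instead of failing; add an explicit check that the parsed URL has a scheme and hostname, or document that `base_url` must be a full URL. The same hunk also drops any port from `base_url` and still derives `"https"` from `request.url.scheme` rather than from `parsed.scheme`, so a base URL with a non-default port, or a deployment behind a TLS-terminating proxy, yields an `http_host`/`https` pair that does not match the configured URL; building both fields from `parsed` (`parsed.hostname` plus `parsed.port`, and `parsed.scheme == "https"`) keeps the computed ACS URL consistent with the configuration.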
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- github.com/apache/airflow/pull/61368 (patch)
- github.com/advisories/GHSA-rv5f-ccpm-xjj4 (advisory)
- lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77 (vendor advisory)
- nvd.nist.gov/vuln/detail/CVE-2026-25604 (advisory)
- www.openwall.com/lists/oss-security/2026/03/09/6
- github.com/apache/airflow/commit/1a86aec01d827ba8caf41b645db56663a9a61850 (commit)