Moderate severity · NVD Advisory · Published Mar 9, 2026 · Updated Mar 9, 2026
Apache Airflow AWS Auth Manager - Host Header Injection Leading to SAML Authentication Bypass
CVE-2026-25604
Description
In the AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and was not verified against the actual instance URL. This allowed access to different instances, with potentially different access controls, by reusing a SAML response issued for another instance.
If you use the AWS Auth Manager, you should upgrade to version 9.22.0 of the provider.
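The mechanism described above, as an added illustration that is not the Airflow AWS Auth Manager's own code: when the expected SAML assertion consumer (ACS) URL is derived from the client-supplied Host header, a response whose Destination names another instance still passes the Destination check, because the client controls both sides of the comparison. Pinning the expected URL to server-side configuration breaks that equivalence. The request object, the callback path `/auth/saml/callback`, the hostnames and the minimal `samlp:Response` are all constructed for this example.

```python
"""Added example: compare a SAML response's Destination against a configured
instance URL instead of one rebuilt from the request's Host header.
Illustrative code only, not the Airflow AWS Auth Manager implementation;
the request object, callback path, hostnames and SAML sample are constructed."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
CALLBACK_PATH = "/auth/saml/callback"  # assumed path, not Airflow's


@dataclass
class Request:
    """Minimal stand-in for an HTTP request (constructed for the example)."""
    headers: dict


def acs_url_from_host_header(request: Request) -> str:
    """Weak pattern: the client-supplied Host header decides which instance
    the response is expected for, so a response issued for any instance is
    accepted as long as the matching Host value accompanies it."""
    return f"https://{request.headers['Host']}{CALLBACK_PATH}"


def acs_url_from_config(instance_base_url: str) -> str:
    """Hardened pattern: the expected ACS URL is fixed by server-side
    configuration and does not depend on anything the client sends."""
    return instance_base_url.rstrip("/") + CALLBACK_PATH


def saml_destination(saml_response_xml: str) -> str:
    """Return the Destination attribute of a samlp:Response element."""
    root = ET.fromstring(saml_response_xml)
    if root.tag != f"{{{SAMLP_NS}}}Response":
        raise ValueError("not a samlp:Response")
    dest = root.get("Destination")
    if not dest:
        raise ValueError("SAML response lacks a Destination attribute")
    return dest


def destination_matches(saml_response_xml: str, expected_acs_url: str) -> bool:
    """True when the response was issued for exactly the expected ACS URL."""
    return saml_destination(saml_response_xml) == expected_acs_url


# Constructed sample: a response that was issued for a different instance.
OTHER_INSTANCE_RESPONSE = (
    f'<samlp:Response xmlns:samlp="{SAMLP_NS}" ID="_r1" Version="2.0" '
    'IssueInstant="2026-03-09T00:00:00Z" '
    'Destination="https://airflow-other.example.test/auth/saml/callback"/>'
)

if __name__ == "__main__":
    # Host header echoes the other instance's name: the weak check passes.
    req = Request(headers={"Host": "airflow-other.example.test"})
    print("host-header check:", destination_matches(
        OTHER_INSTANCE_RESPONSE, acs_url_from_host_header(req)))
    # Configured URL of this instance: the hardened check rejects it.
    print("configured-url check:", destination_matches(
        OTHER_INSTANCE_RESPONSE, acs_url_from_config("https://airflow-a.example.test")))
```

Real deployments delegate Destination, Audience and signature checks to a SAML library; the point of the example is that the service-provider settings handed to that library must come from configuration, since any check computed from the Host header is satisfiable by whoever sets that header.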
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-airflow-providers-amazon (PyPI) | < 9.22.0 | 9.22.0 |
Affected products (5 OSV coordinates, 4 version ranges)
- pkg:apk/chainguard/airflow-2 (no CPE): < 2.11.1-r1
- pkg:apk/chainguard/airflow-3 (no CPE): < 3.1.8-r0
- pkg:apk/wolfi/airflow-3 (no CPE): < 3.1.8-r0
- pkg:pypi/apache-airflow-providers-amazon (no CPE): < 9.22.0
- Range: 8.0.0
References (6)
- github.com/apache/airflow/pull/61368 (ghsa, patch, web)
- github.com/advisories/GHSA-rv5f-ccpm-xjj4 (ghsa, advisory)
- lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77 (ghsa, vendor advisory, web)
- nvd.nist.gov/vuln/detail/CVE-2026-25604 (ghsa, advisory)
- www.openwall.com/lists/oss-security/2026/03/09/6 (ghsa, web)
- github.com/apache/airflow/commit/1a86aec01d827ba8caf41b645db56663a9a61850 (ghsa, web)