Apache Airflow AWS Auth Manager Allows Unauthorized Access to Different Instances

Severity score: 5.4
CVE-2026-25604 · GHSA-rv5f-ccpm-xjj4
Summary

A flaw in Apache Airflow's AWS Auth Manager allows an attacker to gain access to different Airflow instances, which may have different access controls, by manipulating the SAML authentication flow. It affects deployments running a vulnerable version of the Amazon provider. To fix this, update to version 9.22.0 or later of the provider.

What to do
  • Update apache-airflow-providers-amazon to version 9.22.0.
Affected software

Vendor    Product                           Affected versions     Fix available
-         apache-airflow-providers-amazon   <= 9.22.0             9.22.0
apache    airflow_providers_amazon          > 8.0.0, <= 9.22.0    -
Original title
Apache Airflow AWS Auth Manager has Host Header Injection Leading to SAML Authentication Bypass
Original description
In AWS Auth Manager, the origin of the SAML authentication was used as provided by the client and not verified against the actual instance URL.
This allowed gaining access to different instances with potentially different access controls by reusing a SAML response from other instances.

You should upgrade to version 9.22.0 of the provider if you use AWS Auth Manager.
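The defect class the description refers to, shown as an added example that is not Apache Airflow's or the Amazon provider's code: one service-provider setup derives its entity ID and assertion consumer URL from the client-supplied Host header, the other from a configured instance URL, and a SAML response minted for a different instance is checked against both. All hostnames, the `/auth/saml/acs` path, the configuration name and the SAML field subset are constructed assumptions; the actual fix shipped in 9.22.0 may be implemented differently.

```python
# Added example, not Apache Airflow or provider code. Hostnames, paths and
# settings are constructed for illustration.
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit

# Hypothetical deployment setting: the canonical external URL of THIS instance.
CONFIGURED_BASE_URL = "https://airflow-prod.example.internal"
ACS_PATH = "/auth/saml/acs"  # hypothetical assertion consumer service path


@dataclass
class Request:
    host_header: str  # Host (or X-Forwarded-Host) exactly as the client sent it
    scheme: str = "https"


@dataclass
class SamlResponse:
    """The subset of a signed SAML response that matters for origin checks."""
    destination: str  # Destination attribute on <samlp:Response>
    audience: str     # <saml:Audience> inside <saml:AudienceRestriction>
    subject: str      # NameID of the authenticated user


def sp_urls_from_request(req: Request) -> tuple[str, str]:
    """Vulnerable pattern (CWE-346): the service-provider origin is taken from
    the client-controlled Host header, so whatever host the client names becomes
    the entity ID and ACS URL that the response is later compared against."""
    origin = f"{req.scheme}://{req.host_header}"
    return origin, origin + ACS_PATH


def sp_urls_from_config(base_url: str = CONFIGURED_BASE_URL) -> tuple[str, str]:
    """Hardened pattern: the origin comes from configuration only."""
    parts = urlsplit(base_url)
    origin = urlunsplit((parts.scheme, parts.netloc, "", "", ""))
    return origin, urlunsplit((parts.scheme, parts.netloc, ACS_PATH, "", ""))


def host_matches_config(req: Request, base_url: str = CONFIGURED_BASE_URL) -> bool:
    """First-line check: refuse to start SAML handling at all for a Host header
    that does not name this instance."""
    return req.host_header.lower() == urlsplit(base_url).netloc.lower()


def response_is_for_us(resp: SamlResponse, entity_id: str, acs_url: str) -> bool:
    """A response issued for another instance carries that instance's Destination
    and Audience, so exact comparison rejects cross-instance reuse. Signature,
    timestamp and InResponseTo checks still apply and are omitted here."""
    return resp.destination == acs_url and resp.audience == entity_id


def demo() -> dict[str, bool]:
    """Check a response issued for a *different* instance (constructed data)
    arriving with a Host header that names that other instance."""
    other = "https://airflow-dev.example.internal"
    replayed = SamlResponse(
        destination=other + ACS_PATH, audience=other, subject="alice@example.internal")
    req = Request(host_header="airflow-dev.example.internal")

    # Vulnerable: the expected values follow the Host header and so match the
    # foreign response; the instance accepts a login it never issued a request for.
    v_entity, v_acs = sp_urls_from_request(req)
    vulnerable_accepts = response_is_for_us(replayed, v_entity, v_acs)

    # Hardened: the expected values are fixed by configuration, and the foreign
    # Host header is rejected before any SAML processing.
    h_entity, h_acs = sp_urls_from_config()
    hardened_accepts = host_matches_config(req) and response_is_for_us(replayed, h_entity, h_acs)
    return {"vulnerable_accepts": vulnerable_accepts, "hardened_accepts": hardened_accepts}


if __name__ == "__main__":
    print(demo())  # {'vulnerable_accepts': True, 'hardened_accepts': False}
```

The design point is that every value the SAML response is validated against (entity ID, ACS URL, audience) must be anchored in server-side configuration; anything derived from request headers is attacker-controlled and turns the Destination and Audience checks into a comparison of the attacker's value with itself. A deployment behind a reverse proxy should also pin the accepted Host values at the proxy so the application never sees a foreign one.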
Vulnerability type
CWE-346 (Origin Validation Error)
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026