What is CVE-2026-25604?

CVE-2026-25604 is a vulnerability in Apache Software Foundation Airflow Providers Amazon, classified under Origin Validation Error. Published 2026-03-09.

Is CVE-2026-25604 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Apache Software Foundation Airflow Providers Amazon

CVE-2026-25604

In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access cont…

EPSS: 0.000 (3.7th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Airflow Providers Amazon — versions 8.0.0

Weakness classification (CWE)

CWE-346 — Origin Validation Error

Public proof-of-concept exploits

John-Jung/CVE-2026-25604-PoC

References

github.com/apache/airflow/pull/61368 (patch)
lists.apache.org/thread/spwwrsmwxod7fpttcd7n7zs46j839l77 (vendor-advisory)

Frequently asked questions

What is CVE-2026-25604?: CVE-2026-25604 is a vulnerability in Apache Software Foundation Airflow Providers Amazon, classified under Origin Validation Error. Published 2026-03-09.
Is CVE-2026-25604 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.