=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN281
_____________________________________________________________________

DATE                : 10/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Airflow AWS Auth Manager
                               versions prior to 9.22.0.

=====================================================================
https://lists.apache.org/thread/4vv2dr246bn01bpt18ryg0h5k0m1w7wo
_____________________________________________________________________

CVE-2026-25604: Apache Airflow AWS Auth Manager - Host Header
Injection Leading to SAML Authentication Bypass

Severity: medium 

Affected versions:

- Apache Airflow Providers Amazon (apache-airflow-providers-amazon)
8.0.0 before 9.22.0

Description:

In AWS Auth Manager, the origin of the SAML authentication was used as
provided by the client and was not verified against the actual
instance URL.
This made it possible to gain access to different instances, with
potentially different access controls, by reusing a SAML response from
other instances.

You should upgrade to version 9.22.0 of the provider if you use AWS
Auth Manager.
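
The flaw class described above, as an added example that is not code from
Apache Airflow or from this advisory: an origin taken from the Host header
beside one taken from server-side configuration. The instance names, the
callback path and the Destination comparison are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumptions (not from the advisory): instance names, callback path, and that
# the SAML layer compares the response's Destination with the URL it is told
# the service lives at.
CONFIGURED_BASE_URL = "https://airflow-a.example.internal"  # this instance
ACS_PATH = "/login_callback"  # hypothetical callback path


def origin_from_host_header(headers):
    """Pattern described in the advisory: trust the client-supplied Host."""
    return "https://" + headers.get("Host", "")


def origin_from_config(base_url=CONFIGURED_BASE_URL):
    """Hardened pattern: origin comes only from server-side configuration."""
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("configured base URL must be an absolute https URL")
    return f"{parts.scheme}://{parts.netloc.lower()}"


def destination_ok(response_destination, origin):
    """True if the response was issued for the ACS endpoint at `origin`."""
    got, want = urlsplit(response_destination), urlsplit(origin + ACS_PATH)
    return (got.scheme, got.netloc.lower(), got.path) == (
        want.scheme, want.netloc.lower(), want.path)


def accepts_legacy(headers, response_destination):
    # The expected origin follows whatever the client sent.
    return destination_ok(response_destination, origin_from_host_header(headers))


def accepts_hardened(headers, response_destination):
    # The Host header is ignored on purpose.
    return destination_ok(response_destination, origin_from_config())


# Constructed sample: a response issued for another instance (airflow-b),
# presented to airflow-a with a Host header naming airflow-b.
FOREIGN_DEST = "https://airflow-b.example.internal" + ACS_PATH
FOREIGN_HEADERS = {"Host": "airflow-b.example.internal"}
```

With the constructed sample, the Host-derived check accepts the response
issued for the other instance, while the configuration-derived check rejects it.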

Credit:

Sungwuk Jung (finder)

References:

https://github.com/apache/airflow/pull/61368
https://airflow.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-25604


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




