Vulnerability Summary
| Field | Details |
|---|---|
| CVE ID | CVE-2026-25604 |
| Vulnerability Name | AWS Auth Manager SAML Authentication Origin Validation Bypass |
| Affected Software | Apache Airflow – Amazon Provider (AWS Auth Manager) |
| Affected Versions | apache-airflow-providers-amazon 8.0.0 – 9.21.x |
| Patched Version | 9.22.0 and later |
| Vulnerability Type | Authentication Bypass / Host Header Manipulation |
| Attack Vector | Network |
| Privileges Required | None |
| User Interaction | Required during authentication flow |
| Severity | High |
| CVSS Score | ~8.0 (Estimated) |
| Exploitability | Moderate to High |
| Exploit Availability | No public exploit framework, but exploitation can be reproduced manually |
| Impact | Unauthorized login to Airflow instance via reused SAML authentication response |
A vulnerability was identified in the AWS Auth Manager component used by the Apache Airflow Amazon provider package. The issue occurs because the origin of the SAML authentication request is taken directly from the client request and is not verified against the configured Airflow instance URL. This behavior allows manipulation of host or origin headers during the authentication process and can result in SAML responses being reused across instances.
Overview
Apache Airflow environments that use the AWS Auth Manager with SAML authentication are affected by this issue. The authentication flow relies on SAML assertions generated by an Identity Provider (IdP). Normally, the application must verify that the SAML response was intended for the exact service provider instance that initiated the authentication request.
In vulnerable implementations, the origin value used during authentication is derived from client-supplied headers rather than the actual configured instance URL. Because of this behavior, the application may incorrectly trust a SAML assertion even if it was originally issued for another Airflow instance.
If the request headers are manipulated, the system may accept a SAML authentication response that was not meant for that specific deployment. This effectively creates a situation where authentication responses may be replayed or reused across instances.
Technical Root Cause
The vulnerability exists due to improper validation during the SAML authentication workflow.
During the authentication process:
- A user attempts to log into the Airflow interface.
- The request is redirected to the Identity Provider.
- The IdP generates a signed SAML assertion.
- The assertion is returned to the Airflow authentication endpoint.
- The AWS Auth Manager determines the authentication origin using request headers supplied by the client.
Instead of validating the origin against the configured Airflow instance address, the application relies on the value provided in the HTTP request. Because these headers can be controlled by an attacker, the verification logic can be bypassed.
As a result, authentication assertions may be accepted even if they were generated for a different environment.
Affected Environment
The vulnerability affects environments that meet the following conditions:
- Apache Airflow deployment using AWS Auth Manager
- SAML authentication enabled
- Apache Airflow Amazon provider package between 8.0.0 and 9.21.x
Typical deployments include:
- Kubernetes Airflow clusters
- Self-hosted Airflow servers
- Cloud hosted Airflow environments
- Enterprise Airflow platforms integrated with SAML SSO
Identity providers commonly used with these deployments include:
- AWS IAM Identity Center
- Okta
- Azure AD
- Other SAML compatible identity providers
Exploitation Scenario
A successful attack relies on the ability to replay a valid SAML response or manipulate request headers.
Example attack sequence
- A valid SAML authentication response is obtained.
This may occur through interception, logging exposure, or testing environments. - A request is crafted toward a vulnerable Airflow instance.
- Request headers such as Host or X-Forwarded-Host are manipulated to modify the origin.
- The captured SAML response is replayed during the authentication flow.
- Because the origin is not validated against the real instance URL, the assertion is accepted.
- The attacker is granted authenticated access to the Airflow interface.
This attack does not necessarily require credential theft. The primary weakness lies in the trust placed on the request origin.
Proof of Concept (Educational Use Only)
The following example illustrates how the vulnerability could be tested in a controlled environment.
Sample request replay
POST /aws-auth/saml/acs HTTP/1.1
Host: airflow-target.internal
X-Forwarded-Host: malicious.example.com
Content-Type: application/x-www-form-urlencodedSAMLResponse=<Base64EncodedAssertion>
RelayState=airflow
If the application relies on the manipulated header when validating the SAML response, authentication may succeed even though the assertion was not issued for that instance.
Testing should only be performed in controlled environments with proper authorization.
Impact
If exploited successfully, the following consequences may occur:
Unauthorized Access
Attackers may gain access to the Airflow web interface without valid credentials.
Privilege Escalation
If the reused SAML assertion belongs to a privileged user, administrative functions may become accessible.
Workflow Manipulation
Airflow DAGs may be triggered, modified, or deleted.
Data Exposure
Sensitive information stored within Airflow configurations or connections may be accessed.
Infrastructure Risk
Airflow pipelines frequently interact with cloud infrastructure, including:
- databases
- storage services
- internal APIs
- container orchestration systems
Compromise of Airflow may therefore expose additional internal systems.
Indicators of Exploitation
Security monitoring may reveal several indicators associated with this vulnerability.
Abnormal Authentication Origins
Authentication attempts referencing unexpected domain names.
Host Header Manipulation
Requests containing conflicting host related headers.
Example:
Host: airflow.company.internal
X-Forwarded-Host: attacker-domain.example
Repeated SAML Assertion Usage
Multiple successful logins referencing the same assertion ID.
Authentication From Unexpected Sources
Login events originating from unusual networks or geographic locations.
Detection
Application Log Analysis
Search for authentication events where request headers do not match the configured service URL.
Example query logic:
authentication_event
| where request_host != airflow_instance_domain
Splunk Detection Query
index=airflow_logs
"saml" AND ("Host" OR "X-Forwarded-Host")
| eval mismatch=if(host!=configured_domain,1,0)
| search mismatch=1
Elastic Detection Query
event.dataset:airflow.auth AND
(http.request.headers.host:* AND http.request.headers.x_forwarded_host:*)
AND NOT http.request.headers.host.keyword:expected_airflow_domain
Microsoft Sentinel (KQL)
AirflowLogs
| where EventType == "Authentication"
| where HostHeader != InstanceDomain
| summarize count() by HostHeader, SourceIP
Generic SIEM Logic
IF authentication_event
AND host_header != configured_service_provider_domain
THEN generate alert
Log Sources
Monitoring should include the following log sources.
Application Logs
Airflow authentication logs and AWS Auth Manager logs.
Reverse Proxy Logs
- Nginx
- Apache HTTP server
- Kubernetes ingress controllers
Identity Provider Logs
- AWS IAM Identity Center
- Okta
- Azure AD
- Other SAML IdP logs
Infrastructure Logs
- Cloud load balancer logs
- API gateway logs
- Kubernetes audit logs
MITRE ATT&CK Mapping
| Tactic | Technique |
|---|---|
| Initial Access | Exploit Public Facing Application (T1190) |
| Credential Access | Valid Accounts (T1078) |
| Defense Evasion | Modify Authentication Process |
| Persistence | Account Access Reuse |
Mitigation
Immediate actions recommended:
- Upgrade the Apache Airflow Amazon provider package
- Implement strict host header validation
- Restrict authentication endpoints behind trusted reverse proxies
- Enable logging for authentication flows
- Monitor SAML assertion reuse
Additional protective controls include:
- enforcing allowed host configurations
- blocking unexpected headers at reverse proxies
- implementing strict SAML audience validation
Official Patch / Upgrade
The vulnerability has been resolved in:
Apache Airflow Amazon Provider version 9.22.0
Upgrade guidance and patch details are available at the official project repository:
https://github.com/apache/airflow/releases
Upgrading to the patched version ensures that the authentication origin is validated against the configured instance URL before a SAML response is accepted.
