CVE-2026-25604
ADVISORY - githubSummary
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL. This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.
You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
EPSS Score: 0.0001 (0.009)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Origin Validation Error
ADVISORY - github
Origin Validation Error
NIST
CREATED
UPDATED
ADVISORY IDCVE-2026-25604
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
5.4mediumGitHub
CREATED
UPDATED
ADVISORY IDGHSA-rv5f-ccpm-xjj4
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)