SAML Authentication Flaw in Prowler Cloud Security Platform
CVE-2026-59151

9.6CRITICAL

Key Information:

Status
Vendor
CVE Published:
10 July 2026

What is CVE-2026-59151?

A vulnerability in Prowler's SAML authentication flow allowed an authenticated attacker to exploit email domain assertions in SAMLResponses. By controlling a SAML Identity Provider (IdP), the attacker could manipulate the email address to receive a token for a different configured domain, allowing unauthorized access and cross-tenant account takeover. This issue was addressed in version 5.30.3, reinforcing the necessity for secure SAML configurations.

Affected Version(s)

prowler < 5.30.3

References

CVSS V3.1

Score:
9.6
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.