SAML Authentication Flaw in Prowler Cloud Security Platform
CVE-2026-59151
9.6CRITICAL
What is CVE-2026-59151?
A vulnerability in Prowler's SAML authentication flow allowed an authenticated attacker to exploit email domain assertions in SAMLResponses. By controlling a SAML Identity Provider (IdP), the attacker could manipulate the email address to receive a token for a different configured domain, allowing unauthorized access and cross-tenant account takeover. This issue was addressed in version 5.30.3, reinforcing the necessity for secure SAML configurations.
Affected Version(s)
prowler < 5.30.3
