CVE-2026-59151
Prowler (cloud security platform) had a SAML authentication flow flaw prior to version 5.30.3 where the tenant was determined by the asserted email domain in the SAMLResponse rather than the validated SAML configuration. The ACS finish logic recalculated the tenant from user.email, enabling an au...