Rewterz

2,000 FortiClient EMS Exposed to Active RCE Exploits

April 6, 2026
Rewterz

Multiple Google Chrome Vulnerabilities

April 6, 2026

Multiple Apache Airflow Vulnerabilities

Severity

High

Analysis Summary

CVE-2026-25604 CVSS:8.1

Apache Airflow Providers Amazon could allow a remote authenticated attacker to bypass authentication and gain access to different instances with potentially different access controls, caused by the origin of the SAML authentication being used as provided by the client and not verified against the actual instance URL.

CVE-2025-69219 CVSS:7.8

Apache Airflow Providers Http could allow a local authenticated attacker to execute arbitrary code on the system, caused by an unsafe pickle deserialization flaw.

Impact

  • Security Bypass
  • Code Execution

Indicators of Compromise

CVE

  • CVE-2026-25604

  • CVE-2025-69219

Affected Vendors

Apache

Affected Products

  • Apache Airflow Providers Amazon - 8.0.0 - 9.21.0
  • Apache Airflow Providers Http - 5.1.0 - 5.6.4

Remediation

Upgrade to the latest version, available from the Apache Website.

CVE-2026-25604

CVE-2025-69219

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.