CVE-2026-41669

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...

GHSA-5X9F-6VG5-QG4M Omni has a TOCTOU race condition that allows multiple concurrent uses of a single-use SAML session token

Summary SAML.getSession internal/pkg/auth/interceptor/saml.go checks the Used flag on a SAMLAssertion resource and then marks it used in two separate state operations. Because the check and the update are not atomic, concurrent requests carrying the same saml-session token can both observe Used =...

PT-2026-45833

Name of the Vulnerable Software and Affected Versions authentik versions prior to 2025.12.5 authentik versions prior to 2026.2.3 Description The SAML source response processor ResponseProcessor.parse fails to validate the Conditions element on assertions. Specifically, NotBefore, NotOnOrAfter, an...

CVE-2026-9330

IBM WebSphere Application Server 9.0 and 8.5 are affected by CVE-2026-9330 due to improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component, potentially enabling remote code execution via a crafted HTTP request with a gadget chain. Affected products...

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

EUVD-2026-33388

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

CVE-2026-9098 CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

CVE-2026-9096

CVE-2026-9096 affects Casdoor

CVE-2026-9095 CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

CVE-2026-9794

Keycloak contains an information-disclosure flaw (CVE-2026-9794) where a remote, unauthenticated attacker can send crafted SOAP requests to the SAML ECP endpoint and observe differing faultstrings to infer the client protocol type. This is the scoped impact reported across NVD/Red Hat CVE entries...

CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP Security Assertion Markup Language Enhanced Client or Proxy endpoint with varying client IDs. By observing distinct faultstrings in the...

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the buildSpCertificateStore function, which directly extracted X.509...

keycloak: Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

GHSA-P5MV-GJ8J-XQGF Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language SAML endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service DoS where the server becomes...

Keycloak 安全漏洞

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from remote, unauthenticated attackers being able to send specially crafted XML inputs to SAML endpoints. This vulnerability can lead to high CPU usage and wo...

PT-2026-41878

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the Security Assertion Markup Language SAML endpoint allows a remote, unauthenticated attacker to send specially crafted XML input. This improper input validation can cause high CP...

CVE-2026-42354

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity...

EUVD-2026-28279

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites handleSSORequest line 418 and handleSLORequest line 613. The method returns error strings on...