CVE-2026-41577 authentik: SAML source does not validate Conditions, timing, or audience on assertions
authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...
PT-2026-44425
Name of the Vulnerable Software and Affected Versions: Casdoor versions prior to 2.363.0. Description: Casdoor fails to enforce SAML assertion time bounds. The gosaml2 library calculates time-validation results, such as NotOnOrAfter and NotBefore, and reports them in the assertionInfo.WarningInfo...
The vulnerability of the BIND DNS server arises from improper validation of assertions, which leads to incomplete cleanup. This allows attackers to perform a denial-of-service attack.
The vulnerability of the BIND DNS server relates to the possibility of exploiting certain vulnerabilities during DNS query processing. Exploiting this vulnerability allows a malicious actor to send repetitive request patterns to servers with enabled DNSSEC-Validated Cache synth-from-dnssec,...
Debian DLA-2707-1 : sogo - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2707 advisory. - SOGo 2.x before 2.4.1 and 3.x through 5.x before 5.1.1 does not validate the signatures of any SAML assertions it receives. Any actor with network access to the deploymen...