294 matches found
CVE-2026-44946
CVE-2026-44946 describes a SAML authentication replay vulnerability in Rancher’s Assertion Consumer Service (ACS) handler, where one-time use of SAML assertions was not enforced. The issue can enable man‑in‑the‑middle style abuse against Rancher, affecting Rancher 2.14.0 up to (but not including)...
CVE-2026-11800
A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...
org.keycloak:keycloak-services: Keycloak: Authentication bypass via JWT algorithm confusion
A flaw was found in Keycloak. This JWT algorithm confusion vulnerability in the JWT Authorization Grant flow allows an attacker with valid client credentials to bypass signature verification. By forging an assertion, the attacker can create unauthorized access tokens. This enables the attacker to...
CVE-2026-49839
jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...
PT-2026-52592
Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A JWT algorithm confusion flaw exists in the JWT Authorization Grant flow. An attacker possessing valid client credentials can bypass signature verification by forging an assertion. This...
CVE-2026-46423
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...
CVE-2026-46423 Rocket.Chat: SAML signature validation skipped when IdP certificate field is empty
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's SAML service provider implementation silently skips both SAML Response and Assertion signature validation when the configured Id...
CVE-2026-56223
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...
CVE-2026-56223
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...
EUVD-2026-38737
Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without validating SSO provider domain authorization. An attacker with enterprise org admin access and a...
PT-2026-52096
Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Rocket.Chat versions prior to 8.4.1 Rocket.Chat versions prior to 8.3.3 Rocket.Chat versions prior to 8.2.3 Rocket.Chat versions prior to 8.1.4 Rocket.Chat versions prior to 8.0.5 Rocket.Chat versions prior ...
Astra Linux – Vulnerability in Firefox
Context-specific code was included in a shared jump table, resulting in assertions being triggered in multithreaded Wasm code. This vulnerability affects Firefox versions earlier than 86...
CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...
CVE-2026-41005 UAA accepts SAML Encrypted Assertions authentication bypass
Cloud Foundry UAA incorrectly treated XML encryption to the Service Provider confidentiality as a substitute for XML signatures from the Identity Provider authenticity in two SAML flows: the OAuth 2.0 SAML2 bearer grant token endpoint and browser SSO ACS when wantAssertionSigned is set to false...
CVE-2026-41005 - UAA accepts SAML Encrypted Assertions authentication bypass | Cloud Foundry
Severity CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H 9.0 / Critical CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H 9.5 / Critical Vendor CloudFoundry Foundation Description Cloud Foundry UAA versions v2.0.0 through v78.13.0 incorrectly treated XML encryption to the Service...
Spring Security 加密问题漏洞
Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Spring Security has a data manipulation vulnerability, which stems from SAML decryption of SAML responses, as well as SAML logout requests and logout responses whose...
CVE-2026-46490
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
Fedora 44 : rust (2026-e251935c8f)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e251935c8f advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...
CVE-2026-22734
Cloud Foundry UUA is vulnerable to a bypass that allows an attacker to obtain a token for any user and gain access to UAA-protected systems. This vulnerability exists when SAML 2.0 bearer assertions are enabled for a client, as the UAA accepts SAML 2.0 bearer assertions that are neither signed no...