CVE-2026-41577 authentik: SAML source does not validate Conditions, timing, or audience on assertions

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

CVE-2026-9093

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

EUVD-2026-32945

In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/samlsp.go never sets AudienceURI on the gosaml2 SAMLServiceProvider struct and never inspects...

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor 2.362.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the SAML service provider’s failure to validate the...

CVE-2024-5272

Mattermost versions 9.5.x = 9.5.3, 9.6.x = 9.6.1, 8.1.x = 8.1.12 fail to restrict the audience of the "customplaybooksplaybookrunupdated" webhook event, which allows a guest on a channel with a playbook run linked to see all the details of the playbook run when the run is marked by finished...

GHSA-QPWJ-MVV7-V3M9 High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2

The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and 1.3.x before 1.3.1 do not match SAML AudienceRestriction values against configured audience URIs, which might allow remote attackers to have bypass intended restrictions and have unspecified other impact via a crafted SAML token...

Slack SAML authentication bypass

tl;dr I found a severe issue in the Slack's SAML implementation that allowed me to bypass the authentication. This has now been solved by Slack. Introduction IMHO the rule 1 of any bug hunter note I do not consider myself one of them since I do this really sporadically is to have a good RSS feed...

PT-2015-4558 · Jboss · Picketlink

Name of the Vulnerable Software and Affected Versions: PicketLink versions prior to 2.7.0 Description: The issue allows remote attackers to log in to other users' accounts via a crafted SAML assertion because the Service Provider SP in PicketLink does not ensure that it is a member of an Audience...

Red Hat PicketLink SAML Assertion AudienceRestriction Security Bypass Vulnerability

Red Hat PicketLink a unified identity management framework for Java applications. A security bypass vulnerability exists in Red Hat PicketLink that could be exploited by an attacker to bypass security restrictions and perform unauthorized access...