3 matches found
CVE-2026-55789
Logto’s self-hosted SAML IdP (prior to v1.41.0) was vulnerable: it built signed SAML responses by substituting user-controlled profile attributes into an unescaped XML template, allowing an authenticated low-privilege user to forge a SAML attribute (e.g., role) and cause privilege escalation at r...
CVE-2026-55789 Logto: SAML IdP injects user-controlled profile attributes raw into signed assertions, allowing privilege escalation at relying Service Providers
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's self-hosted SAML application IdP built the signed SAML response and assertion by string-substituting user-controlled profile attributes such as name, email, and custom attribute-mapping values into...
PT-2026-57292
Name of the Vulnerable Software and Affected Versions Logto versions prior to 1.41.0 Description The self-hosted SAML application IdP constructs signed SAML responses and assertions by substituting user-controlled profile attributes, such as name, email, and custom attribute-mapping values, into...