CVE-2026-32716 SciTokens: Authorization Bypass via Incorrect Scope Path Prefix Checking
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.6, the Enforcer incorrectly validates scope paths using a simple prefix match (startswith). This allows a token with access to a specific path, e.g., /john, to also access sibling paths that start with the sa...
GHSA-P799-G7VV-F279 Romeo is vulnerable to Archive Slip due to missing checks in sanitization
Summary: The sanitizeArchivePath function in webserver/api/v1/decoder.go (lines 80-88) is vulnerable to a path traversal bypass due to a missing trailing path separator in the strings.HasPrefix check. A crafted tar archive can write files outside the intended destination directory. Vulnerable Code...