Lucene search
K

6 matches found

EUVD
EUVD
added 2026/06/26 9:5 p.m.13 views

EUVD-2026-37950

Relyra SAML SignatureValue not cryptographically verified - authentication bypass...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 9:16 p.m.14 views

CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS0.00135EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:52 p.m.7 views

CVE-2026-49454

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/18 8:52 p.m.23 views

CVE-2026-49454 Relyra SAML SignatureValue not cryptographically verified -> authentication bypass

Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verified before the library returned a successful authentication result. The XMLDSig trust boundary was...

9.1CVSS0.00135EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 8:52 p.m.40 views

CVE-2026-49454

Relyra (Elixir/Phoenix SAML SP) versions 1.0.0 and 1.1.0 are affected by an authentication bypass due to forged SignatureValue not being cryptographically verified in SAML 2.0 processing. The XMLDSig trust boundary was incomplete: :public_key.verify over the exclusive-C14N SignedInfo was not chec...

9.1CVSS5.3AI score0.00135EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50796

Name of the Vulnerable Software and Affected Versions Relyra versions 1.0.0 through 1.1.0 Description Relyra is a SAML 2.0 Service Provider library for Elixir and Phoenix that accepts forged SAML signatures. This occurs because the SignatureValue is not cryptographically verified before the libra...

9.1CVSS5.8AI score0.00135EPSS
Exploits0References9
Rows per page
Query Builder