35 matches found
CVE-2026-46490
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
CVE-2026-46490
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
EUVD-2026-35188
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
CVE-2026-46490 samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
CVE-2026-46490
CVE-2026-46490 affects samlify (Node.js) prior to v2.13.0. The issue: template substitution only escapes attribute contexts; values placed in element text (e.g., saml:AttributeValue ) aren’t escaped. An attacker can inject XML markup into attribute values (e.g., email, name) and insert new saml:A...
CVE-2026-46490
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elemen...
@altipla/directus-sdk-utils (=0.7.2), @better-auth/infra (>=0.1.7 <=0.1.8) +39 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)
samlify NPM version =2.10.0, =0.1.7, =1.6.0, =2.10.4, =1.0.0, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.0.0-chat-to-edit-20251124233201, =0.0.0-chat-to-edit-20251124233201, =0.75.0 and more Source cves: CVE-2026-46490 Source advisory: OSV:GHSA-34R5-Q4JW-R36M...
@altipla/directus-sdk-utils (=0.7.2), @better-auth/infra (>=0.1.7 <=0.1.8) +39 more potentially affected by CVE-2026-46490 via samlify (>=2.10.0 <=2.12.0)
samlify NPM version =2.10.0, =0.1.7, =1.6.0, =2.10.4, =1.0.0, =1.0.0, =11.16.1-depup.0, =27.1.0, =0.73.0, =0.0.0-chat-to-edit-20251124233201, =0.0.0-chat-to-edit-20251124233201, =0.75.0 and more Source cves: CVE-2026-46490 Source advisory: SNYK:JS-SAMLIFY-16796318...
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions
NPM: samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions vulnerability discovered by ? in WordPress Npm samlify versions 2.13.0...
XML Injection
Overview samlify is a Highly configuarable Node.js SAML 2.0 library for Single Sign On. Affected versions of this package are vulnerable to XML Injection via the replaceTagsByValue function. An attacker can inject arbitrary XML markup into SAML assertions by supplying crafted attribute values,...
PT-2026-42587
Summary samlify’s template substitution only escapes attribute contexts. Values inserted into element text e.g., are not escaped. A normal user can inject XML markup into an attribute value e.g., email, name and add new elements inside the signed assertion. The IdP then signs the tampered asserti...
PT-2026-42665
Name of the Vulnerable Software and Affected Versions samlify versions prior to 2.13.0 Description samlify is a Node.js library for SAML single sign-on. The template substitution mechanism only escapes attribute contexts, meaning values inserted into element text, such as , are not escaped. This...
EUVD-2018-0156
Malware in sbrugna...
CVE-2017-1000452
An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users...
CVE-2025-47949
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...
samlify SAML Signature Wrapping attack
A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...
GHSA-R683-V43C-6XQV samlify SAML Signature Wrapping attack
A Signature Wrapping attack has been found in samlify v2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider...
CVE-2025-47949
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fix...
CVE-2025-47949
Summary: samlify (Node.js SAML library) has a Signature Wrapping vulnerability in versions prior to 2.10.0, enabling an attacker to forge a SAML Response to impersonate any user. An attacker would need a signed XML document from the identity provider. Fix/mitigation: Upgrade to version 2.10.0 or ...