Lucene search

115 matches found

Positive Technologies
added yesterday, 4 views

PT-2026-45833

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, the SAML source response processor ResponseProcessor.parse does not validate the Conditions element on assertions. NotBefore, NotOnOrAfter, and AudienceRestriction are all ignored. This allows replay of expir...

6.9 CVSS, 5.7 AI score
Exploits 0, References 2
CVE
added 2 days ago, 16 views

CVE-2026-9330

IBM WebSphere Application Server 9.0 and 8.5 are affected by CVE-2026-9330 due to improper validation of user-supplied data during deserialization in the SAML Web Single Sign-On component, potentially enabling remote code execution via a crafted HTTP request with a gadget chain. Affected products...

8.5 CVSS, 6.5 AI score, 0.00355 EPSS
Exploits 0, References 1
NVD
added 5 days ago, 5 views

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

4.8 CVSS, 0.00014 EPSS
Exploits 0, References 1
EUVD
added 5 days ago, 6 views

EUVD-2026-33388

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible...

3.1 CVSS, 5.8 AI score, 0.00001 EPSS
Exploits 0, References 1
Vulnrichment
added 5 days ago, 6 views

CVE-2026-49381

In JetBrains TeamCity before 2026.1 stored XSS on the SAML login page was possible...

3.4 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 1
Cvelist
added 6 days ago, 23 views

CVE-2026-5343 SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4...

0.00033 EPSS
Exploits 0, References 1
Cvelist
added 6 days ago, 25 views

CVE-2026-9098

In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an IdP...

0.0001 EPSS
Exploits 0, References 1
CVE
added 6 days ago, 13 views

CVE-2026-9096

CVE-2026-9096 affects Casdoor

7.5 CVSS, 5.8 AI score, 0.00017 EPSS
Exploits 0, References 1
Vulnrichment
added 6 days ago, 5 views

CVE-2026-9095

Casdoor versions 2.362.0 and earlier map SAML assertions to user sessions without replay protection. The ParseSamlResponse function in object/samlsp.go calls sp.RetrieveAssertionInfo and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcemen...

5.9 AI score, 0.00041 EPSS
Exploits 0, References 1
CVE
added 6 days ago, 22 views

CVE-2026-9794

Keycloak contains an information-disclosure flaw (CVE-2026-9794) where a remote, unauthenticated attacker can send crafted SOAP requests to the SAML ECP endpoint and observe differing faultstrings to infer the client protocol type. This is the scoped impact reported across NVD/Red Hat CVE entries...

5.3 CVSS, 5.7 AI score, 0.00029 EPSS
Exploits 0, References 2, Affected Software 1
ATTACKERKB
added 6 days ago, 6 views

CVE-2026-9794

A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced Client or Proxy) endpoint with varying client IDs. By observing distinct faultstrings in the...

5.3 CVSS, 5.7 AI score, 0.00029 EPSS
Exploits 0, References 3
CNNVD
added 6 days ago, 5 views

Casdoor security vulnerability

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained a security vulnerability. This vulnerability stemmed from the buildSpCertificateStore function, which directly extracted X.509...

9.1 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 2
RedHat Linux
added 2026/05/20 11:23 a.m., 8 views

keycloak: Keycloak: Denial of Service via specially crafted SAML input

A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup Language (SAML) endpoint. This malicious input can cause high CPU usage and worker thread starvation, leading to a Denial of Service (DoS) where the server becomes...

7.5 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits 0, References 4
CNNVD
added 2026/05/19 12:00 a.m., 4 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from remote, unauthenticated attackers being able to send specially crafted XML inputs to SAML endpoints. This vulnerability can lead to high CPU usage and wo...

7.5 CVSS, 5.8 AI score, 0.00053 EPSS
Exploits 0, References 2
ATTACKERKB
added 2026/05/08 10:58 p.m., 6 views

CVE-2026-42354

Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity...

9.1 CVSS, 5.7 AI score, 0.00011 EPSS
Exploits 0, References 5, Affected Software 1
EUVD
added 2026/05/07 3:00 a.m., 4 views

EUVD-2026-28279

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites (handleSSORequest line 418 and handleSLORequest line 613). The method returns error strings on...

8.2 CVSS, 5.7 AI score, 0.00008 EPSS
Exploits 0, References 2
Cvelist
added 2026/05/07 3:00 a.m., 28 views

CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed

Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of its validateSignature method at both call sites (handleSSORequest line 418 and handleSLORequest line 613). The method returns error strings on...

8.2 CVSS, 0.00008 EPSS
Exploits 0, References 2
Snyk
added 2026/04/29 9:57 p.m., 2 views

Open Redirect

Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Open Redirect in the handleSSORequest process. An attacker can obtain sensitive user identity attributes and impersonate users by...

8.2 CVSS, 5.8 AI score, 0.00018 EPSS
Exploits 0, References 3
EUVD
added 2026/04/17 9:25 p.m., 3 views

EUVD-2026-7736

Sentry: Improper authentication on SAML SSO process allows user identity linking...

9.1 CVSS, 5.8 AI score, 0.00058 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/04/14 7:23 p.m., 1 view

CVE-2026-22560

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint...

5.3 CVSS, 5.9 AI score, 0.00052 EPSS
Exploits 0, References 1