13 matches found
CVE-2026-16093
Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned...
CVE-2026-16093
CVE-2026-16093 affects Keycloak’s Client Policies by allowing bypass of the requirement to use signed JWTs. A flaw lets an attacker with valid client credentials submit a fake, unsigned assertion header, making the system think policy requirements are met and enabling authentication with simpler ...
CVE-2026-16093 Keycloak-services: keycloak-services: required signed-jwt assertion policy can be bypassed with unsigned assertion headers
Keycloak provides a mechanism called Client Policies to enforce security requirements on clients, such as requiring them to use signed JWTs for authentication. A flaw was discovered where this enforcement can be bypassed. An attacker with valid client credentials can provide a fake, unsigned...
CVE-2026-34840
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...
CVE-2026-34840
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...
EUVD-2026-18533
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...
CVE-2026-34840 OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...
CVE-2026-34840
CVE-2026-34840 – OneUptime SSO (SAML) decoupled signature verification . Prior to 10.0.42, OneUptime’s SSO.ts uses isSignatureValid() to verify only the first in the XML DOM with xml-crypto while getEmail() reads identity from assertion[0] via xml2js, enabling an attacker to prepend an unsigned ...
PT-2026-29882
Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.42 Description OneUptime, an open-source monitoring and observability platform, had a flaw in its SAML SSO implementation located in App/FeatureSet/Identity/Utils/SSO.ts. The issue stemmed from a separation...
Improper Verification of Cryptographic Signature
Overview @node-saml/node-saml is a SAML 2.0 implementation for Node.js Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via validatePostResponseAsync due to loading of the assertion from the unsigned original response document. An attacker can...
CVE-2025-54369
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...
CVE-2025-54369 Node-SAML SAML Authentication Bypass
Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the unsigned original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify...
lasso: XML signature wrapping vulnerability when parsing SAML responses
An XML Signature Wrapping XSW vulnerability was found in Lasso. This flaw allows an attacker to modify a valid SAML response to include an unsigned SAML assertion, which may be used to impersonate another valid user recognized by the service using Lasso. The highest threat from this vulnerability...