CVE-2026-47201 authentik: XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed...

GHSA-C3M2-JQMQ-PVP3 authentik's XML Signature Wrapping in SAML Source ACS allows authentication as arbitrary federated user

Summary authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at the upstream IdP can reuse a valid signed assertion to authenticate as another federated user. Patches authentik 2026.5.1, 2026.2.4 and...

CVE-2026-42354

Summary of technical details : Sentry versions 21.12.0 through 26.4.0 contain a critical flaw in the SAML SSO implementation that lets an attacker take over a user account by using a malicious Identity Provider and another organization within the same Sentry instance. The attacker must know the v...

CVE-2026-22032

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the RelayState parameter is intended to preserve the user's original...

CVE-2026-22032 Directus has open redirect in SAML

Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.14.0, an open redirect vulnerability exists in the Directus SAML authentication callback endpoint. During SAML authentication, the RelayState parameter is intended to preserve the user's original...

CVE-2024-5270

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

Talend Data Catalog 授权问题漏洞

Talend Data Catalog is a combined data cataloging and metadata management tool from Talend USA. It is used to connect data from platforms, databases and analytics tools to generate a holistic view of the information supply chain in a language everyone can understand. A security vulnerability...

DRUPAL-CONTRIB-2021-006

The SAML Authentication module allows users to authenticate against a SAML identity provider to login to your Drupal site. The module doesn't sufficiently protect against unauthorized local access, by way of using the 'password reset' facility, for users who are supposed to only be able to log in...