4 matches found
CVE-2026-32726
SciTokens C++ prior to 1.4.1 contains an authorization bypass in path-based scope validation. The enforcer used a string-prefix check without requiring a path boundary, allowing a token scoped to one path to authorize sibling paths sharing a prefix. This vulnerability has a CVSS v3.1 base score o...
EUVD-2026-17563
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...
CVE-2026-32726
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...
CVE-2026-32726 SciTokens C++: Sibling-Path Authorization Bypass
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was...