7 matches found
SUSE CVE-2026-32727
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...
EUVD-2026-17292
SciTokens has an Authorization Bypass via Path Traversal in Scope Validation...
CVE-2026-32725
Summary: SciTokens C++ (scitokens-cpp) before 1.4.1 is vulnerable to an authorization bypass due to path-based scope handling. The library normalizes the token’s scope path and collapses ".." components instead of rejecting them, allowing potential parent-directory traversal to broaden authorizat...
CVE-2026-32727
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...
Directory Traversal
Overview: scitokens is a SciToken reference implementation library. Affected versions of this package are vulnerable to Directory Traversal via the checkscope and scopepathmatches functions. An attacker can gain unauthorized access to restricted directories by including dot-dot .. sequences in the...
CVE-2026-32727
SciTokens is a reference library for generating and using SciTokens. Prior to version 1.9.7, the Enforcer is vulnerable to a path traversal attack where an attacker can use dot-dot .. in the scope claim of a token to escape the intended directory restriction. This occurs because the library...
PT-2026-29185
Name of the Vulnerable Software and Affected Versions: SciTokens versions prior to 1.9.7. Description: SciTokens is a library for generating and using SciTokens. The Enforcer component is susceptible to a path traversal issue. An attacker can exploit this by including 'dot-dot' .. sequences within t...