2216 matches found
EUVD-2026-40443
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
CVE-2026-56350
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
CVE-2026-56350 n8n - SSO Enforcement Bypass via API
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
PT-2026-54039
Name of the Vulnerable Software and Affected Versions n8n versions prior to 2.8.0 Description An authentication bypass exists that allows authenticated Single Sign-On SSO users to disable SSO enforcement via the API. This allows attackers to create local password credentials to authenticate...
PYSEC-2026-533 Sentry: Improper authentication on SAML SSO process allows user identity linking
Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...
PYSEC-2026-534 Sentry's improper authentication on SAML SSO process allows user identity linking
Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via Sentry's private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the sa...
PYSEC-2026-532 Sentry's improper authentication on SAML SSO process allows user impersonation
Impact A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same...
GO-2026-5527 Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) in github.com/argoproj/argo-workflows
Argo Affected by SSO RBAC Delegation Nil Pointer Dereference DoS gatekeeper.go in github.com/argoproj/argo-workflows...
GHSA-V2WP-FRMC-5Q3V Lemur: ACME SSRF + creator-equality IDOR lead to AWS IAM/PKI compromise
Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via ACME acmeurl SSRF and creator-equality IDOR Vulnerability Summary Field | Value -- | -- Title | Lemur 1.9.0: any SSO-authenticated user achieves AWS IAM compromise and permanent PKI key access via...
PT-2026-52657
Name of the Vulnerable Software and Affected Versions Lemur versions prior to 1.9.0 Description Lemur is a TLS certificate management service that contains a critical authorization break resulting from a chain of three issues. First, the service auto-provisions new SSO identities as active withou...
CVE-2026-45688
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...
CVE-2026-45688 Rocket.Chat: Pre-Auth NoSQL Injection in CAS Login Handler leading to Arbitrary CAS/SAML User Session Hijack
Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, 8.4.1, 8.3.3, 8.2.3, 8.1.4, 8.0.5, 7.13.7, and 7.10.11, Rocket.Chat's CAS login handler forwards the client-supplied options.cas.credentialToken value straight into a MongoDB findOneid: ... query...
CVE-2026-56270
Flowise before 3.1.0 versions 3.0.13 and earlier contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an...
CVE-2026-11374
CVE-2026-11374 affects ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus. The issue allows unauthenticated users to predict SSO tickets used to authenticate sessions, enabling account takeover. The CVSS v3.1 metrics in the provided data indicate a CRITICAL...
CVE-2026-12796
A flaw was found in BerriAI litellm. A remote attacker could exploit a vulnerability in the getredirectresponsefromopenid function within the SSO Authentication Flow component. This manipulation leads to session expiration, potentially causing a denial of service for authenticated users. Mitigati...
CVE-2026-12796 BerriAI litellm SSO Authentication Flow ui_sso.py get_redirect_response_from_openid session expiration
A vulnerability was identified in BerriAI litellm up to 1.82.2. This impacts the function getredirectresponsefromopenid of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Authentication Flow. The manipulation leads to session expiration. The attack is possible to be carri...
CVE-2026-12796
Affected software/impact: BerriAI litellm (up to version 1.82.2), specifically the get_redirect_response_from_openid function in litellm/proxy/management_endpoints/ui_sso.py of the SSO Authentication Flow. Root cause / vulnerability detail: The description states that manipulation leads to sessio...
EUVD-2026-38154
A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...
CVE-2026-12795 BerriAI litellm SSO Debug Flow ui_sso.py json.dumps missing authentication
A vulnerability was determined in BerriAI litellm up to 1.82.2. This affects the function json.dumps of the file litellm/proxy/managementendpoints/uisso.py of the component SSO Debug Flow. Executing a manipulation can lead to missing authentication. The attack can be executed remotely. The exploi...
CVE-2026-12795
CVE-2026-12795 affects BerriAI litellm up to version 1.82.2 in the SSO Debug Flow component. The vulnerability concerns the function json.dumps within litellm/proxy/management_endpoints/ui_sso.py, where manipulation can lead to missing authentication. The issue is exploitable remotely and has had...