2 matches found
CVE-2023-49087
The CVE-2023-49087 issue affects the xml-security library used by SimpleSAMLphp. The root cause is insufficient validation while computing or comparing signatures: if an attacker can manipulate the canonicalized DigestValue, the cryptographic signature on the SignedInfo tree could be forged. The ...
CVE-2026-32600
The XML-Security library (xml-security) is affected in versions prior to 2.3.1 and 1.13.9, where AES-GCM encrypted XML nodes do not validate the authentication tag length. This can allow an attacker to brute-force the authentication tag, recover the GHASH key, decrypt encrypted nodes, and forge cipher...