SciTokens Library Path Traversal Vulnerability (CVE-2026-32727)
A path traversal vulnerability (CVE-2026-32727) in SciTokens library versions prior to 1.9.7 allows attackers to bypass intended directory restrictions using dot-dot sequences in the scope claim of a token due to improper path normalization.
The SciTokens library, a reference implementation for generating and using SciTokens, is susceptible to a path traversal vulnerability affecting versions prior to 1.9.7. This vulnerability, identified as CVE-2026-32727, stems from the library’s Enforcer component. An attacker can exploit this flaw by crafting a malicious token containing a scope claim with “dot-dot” (..) sequences. These sequences allow the attacker to navigate outside the intended directory restriction, potentially accessing…
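The description above attributes the flaw to improper path normalization: a scope path containing ".." segments can resolve to a directory outside the one the issuer is allowed to grant. The following Python example is added here to illustrate the defensive check; it is not the SciTokens library's own Enforcer code. It assumes the scope form "authz:path" (for example "read:/data/alice"), a hypothetical authorize() helper, and a constructed issuer base directory, and contrasts a raw prefix test with a normalize-then-contain test.

```python
import posixpath
from typing import Iterable, Tuple


def parse_scope(scope: str) -> Tuple[str, str]:
    """Split a scope of the assumed form 'authz:path' (e.g. 'read:/data/alice').
    A scope with no ':' carries no path and is treated as covering '/'."""
    authz, sep, path = scope.partition(":")
    return authz, (path if sep else "/")


def normalize_path(path: str) -> str:
    """Anchor the path at '/' and collapse '.' and '..' segments with POSIX rules.
    posixpath (not os.path) is used because scope paths are always '/'-separated;
    any '..' that would climb above '/' is discarded by normpath."""
    return posixpath.normpath("/" + path.lstrip("/"))


def is_within(path: str, base: str) -> bool:
    """True if the normalized path is base itself or lies strictly below it.
    Comparing against base + '/' keeps '/data/alice2' from matching '/data/alice'."""
    norm, base_n = normalize_path(path), normalize_path(base)
    return base_n == "/" or norm == base_n or norm.startswith(base_n + "/")


def naive_check(scope_path: str, base: str) -> bool:
    """The flawed pattern: a raw prefix test with no normalization.
    '/data/alice/../../etc/passwd' starts with '/data/alice', so it passes."""
    return scope_path.startswith(base)


def hardened_check(scope_path: str, base: str) -> bool:
    """Normalize first, then test containment."""
    return is_within(scope_path, base)


def authorize(scopes: Iterable[str], authz: str, requested_path: str, issuer_base: str) -> bool:
    """Minimal enforcer (hypothetical; not the SciTokens Enforcer API).
    A request is allowed only if some scope carries the requested authz, its path
    stays inside the directory the issuer may grant (issuer_base), and the
    requested path stays inside the scope path. All comparisons use normalized paths."""
    for scope in scopes:
        s_authz, s_path = parse_scope(scope)
        if s_authz != authz:
            continue
        if not is_within(s_path, issuer_base):
            continue  # scope tries to reach outside the issuer's base: ignore it
        if is_within(requested_path, s_path):
            return True
    return False


if __name__ == "__main__":
    base = "/data/alice"  # constructed example base directory
    bad = "/data/alice/../../etc/passwd"
    print("naive   :", naive_check(bad, base))     # True  (bypass)
    print("hardened:", hardened_check(bad, base))  # False (blocked)
```

The important design point is that containment is decided only after normalization, and on both sides of the comparison: the scope path is checked against the issuer's base, and the requested path is checked against the scope path, so ".." in either the token or the request cannot widen access.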
Detection coverage (2 rules)

Detect SciTokens Path Traversal Attempt via HTTP Request
Severity: high. Detects potential path traversal attempts in HTTP requests targeting SciTokens-protected resources by looking for '..' sequences in the URI query or path.

Detect SciTokens Path Traversal Attempt in Web Logs
Severity: high. Detects path traversal attempts using '..' sequences within web server logs, indicating a potential SciTokens scope bypass.
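Both rules above look for '..' sequences in the request URI. The Python scanner below is added here as an illustration of that logic and is not one of the platform's detection queries, which are not reproduced on this page. The Combined Log Format lines, client addresses and paths are constructed for the example; the percent-decoding step is an assumption, added because an encoded "%2e%2e" would otherwise slip past a literal '..' match.

```python
import re
from typing import Dict, List
from urllib.parse import unquote

# Constructed sample access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [01/Mar/2026:10:00:00 +0000] "GET /data/alice/report.csv HTTP/1.1" 200 512 "-" "curl/8.0"',
    '10.0.0.7 - - [01/Mar/2026:10:00:01 +0000] "GET /data/alice/../../etc/passwd HTTP/1.1" 403 0 "-" "curl/8.0"',
    '10.0.0.8 - - [01/Mar/2026:10:00:02 +0000] "GET /data/alice/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1024 "-" "python-requests/2.31"',
    '10.0.0.9 - - [01/Mar/2026:10:00:03 +0000] "GET /data/alice/..bak/report.csv HTTP/1.1" 200 12 "-" "curl/8.0"',
]

# Fields of a Combined Log Format line up to the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) '
)

# A '..' that forms a whole path segment (or a whole query value), so that
# names like '..bak' or 'a..b' do not fire.
DOTDOT_RE = re.compile(r'(?:^|[/\\=])\.\.(?:$|[/\\?&#])')


def has_dotdot_segment(uri: str) -> bool:
    """True if the raw, once-decoded or twice-decoded URI contains a '..' segment."""
    candidates = {uri, unquote(uri), unquote(unquote(uri))}
    return any(DOTDOT_RE.search(c) for c in candidates)


def scan_logs(lines: List[str]) -> List[Dict[str, object]]:
    """Return one finding per log line whose request URI carries a '..' segment."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip rather than guess
        if has_dotdot_segment(m["uri"]):
            findings.append({
                "ip": m["ip"],
                "time": m["ts"],
                "uri": m["uri"],
                "status": int(m["status"]),
                # a traversal attempt that the server answered 2xx deserves first attention
                "served": 200 <= int(m["status"]) < 300,
            })
    return findings


if __name__ == "__main__":
    for f in scan_logs(SAMPLE_LOGS):
        print(f)
```

Run against the constructed lines, the scanner flags the two traversal attempts (plain and percent-encoded) and ignores the benign "..bak" name. The "served" flag separates the attempt the server refused (403) from the one it answered successfully, which is the finding to triage first.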