SciTokens Authorization Bypass Vulnerability (CVE-2026-32716)
SciTokens versions prior to 1.9.6 validate scope paths with a plain string prefix match rather than an exact or path-component match. This leads to an authorization bypass: a token authorized for one specific path can also access sibling paths that share the same prefix.
SciTokens is the reference library (Python) for generating and using SciTokens. Versions prior to 1.9.6 are vulnerable to an authorization bypass, identified as CVE-2026-32716, that stems from incorrect validation of scope paths within the Enforcer component. Instead of performing an exact match, the Enforcer uses a simple string prefix match (startswith). This flaw allows a token authorized for a specific path (e.g., /john) to also gain unauthorized access to sibling paths sharing the same…
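The following Python snippet is an added illustration of the bug class described above; it is not code from the SciTokens library or the advisory. It places a naive startswith check (the pre-1.9.6 behaviour described on this page) beside a segment-aware check, and runs both over constructed sample paths. The scope string format ("authz:/path"), the function names and the sample paths are assumptions made for this example.

```python
"""Path-scope authorization: prefix match versus path-segment match.

Added example for the CVE-2026-32716 bug class. NOT the SciTokens library's
own code: scope format, function names and sample paths are assumptions.
"""
import posixpath


def _split_scope(scope: str):
    """Split an 'authz:/path' scope (format assumed for illustration, e.g.
    'read:/john') into (authz, normalized absolute path)."""
    authz, _, path = scope.partition(":")
    if not path:
        path = "/"
    # normpath collapses '.', '..' and trailing slashes so that
    # '/john/' and '/john/.' compare equal to '/john'.
    return authz, posixpath.normpath("/" + path.lstrip("/"))


def permits_prefix(scope: str, authz: str, path: str) -> bool:
    """Vulnerable check: plain string prefix match.

    A scope for /john also authorizes /johnson, /john2/secret, and so on,
    because those strings merely start with '/john'.
    """
    s_authz, s_path = _split_scope(scope)
    return s_authz == authz and path.startswith(s_path)


def permits_segment(scope: str, authz: str, path: str) -> bool:
    """Hardened check: the requested path must be the scope path itself or
    sit beneath it as a whole directory component ('/john/...').

    The request path is normalized first so that '/john/../johnson' is
    compared as '/johnson', not as a string beginning with '/john'.
    """
    s_authz, s_path = _split_scope(scope)
    if s_authz != authz:
        return False
    req = posixpath.normpath("/" + path.lstrip("/"))
    if s_path == "/":
        return True  # a root scope covers everything
    return req == s_path or req.startswith(s_path + "/")


# Constructed sample requests: (path, expected result under a correct check)
SAMPLE_PATHS = [
    ("/john", True),
    ("/john/data.txt", True),
    ("/john/", True),
    ("/johnson", False),          # sibling path, same string prefix
    ("/john2/secret", False),     # sibling path, same string prefix
    ("/john/../johnson", False),  # traversal that still starts with '/john'
    ("/jo", False),
]


def compare(scope: str = "read:/john", authz: str = "read"):
    """Return [(path, prefix_result, segment_result)] for the sample paths."""
    return [
        (p, permits_prefix(scope, authz, p), permits_segment(scope, authz, p))
        for p, _ in SAMPLE_PATHS
    ]


def bypass_paths(scope: str = "read:/john", authz: str = "read"):
    """Paths the vulnerable check allows but the hardened check rejects."""
    return [p for p, pre, seg in compare(scope, authz) if pre and not seg]


if __name__ == "__main__":
    for path, pre, seg in compare():
        flag = "  <-- BYPASS" if pre and not seg else ""
        print(f"{path:20} prefix={pre!s:5} segment={seg!s:5}{flag}")
```

Only the segment-aware check agrees with the expected column in SAMPLE_PATHS; the three sibling and traversal paths are exactly the ones the prefix check lets through.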
Detection coverage (2 rules)
SciTokens Authorization Bypass Attempt (Path Prefix) [medium]: Detects access to resources whose path shares a string prefix with, but does not lie within, the path a token is authorized for, which may indicate exploitation of CVE-2026-32716.
SciTokens Version Detection via User-Agent [info]: Detects clients that may be running a vulnerable SciTokens library version (prior to 1.9.6), based on User-Agent strings. User-Agent is client-supplied and easily spoofed, so this is informational only.