https://feed.craftedsignal.io/tags/cve-2026-32727/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 31 Mar 2026 03:15:57 +0000https://feed.craftedsignal.io/briefs/2024-01-23-scitokens-path-traversal/Tue, 31 Mar 2026 03:15:57 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-23-scitokens-path-traversal/A path traversal vulnerability (CVE-2026-32727) in SciTokens library versions prior to 1.9.7 allows attackers to bypass intended directory restrictions using dot-dot sequences in the scope claim of a token due to improper path normalization.The SciTokens library, a reference implementation for generating and using SciTokens, is susceptible to a path traversal vulnerability affecting versions prior to 1.9.7. This vulnerability, identified as CVE-2026-32727, stems from the library’s Enforcer component. An attacker can exploit this flaw by crafting a malicious token containing a scope claim with “dot-dot” (..) sequences. These sequences allow the attacker to navigate outside the intended directory restriction, potentially accessing…

]]>highadvisoryscitokenspath-traversalcve-2026-32727vulnerability