Tag
high
advisory
SciTokens Authorization Bypass Vulnerability (CVE-2026-32716)
2 rules, 1 TTP, 1 CVE, 4 IOCs
SciTokens versions prior to 1.9.6 incorrectly validate scope paths using a prefix match, leading to an authorization bypass vulnerability where a token with access to a specific path can access sibling paths with the same prefix.
authorization-bypass
scitokens
CVE-2026-32716
high
advisory
SciTokens Library Path Traversal Vulnerability (CVE-2026-32727)
2 rules, 1 TTP, 1 CVE
A path traversal vulnerability (CVE-2026-32727) in SciTokens library versions prior to 1.9.7 allows attackers to bypass intended directory restrictions using dot-dot sequences in the scope claim of a token due to improper path normalization.
scitokens
path-traversal
cve-2026-32727
vulnerability
critical
advisory
SciTokens KeyCache SQL Injection Vulnerability (CVE-2026-32714)
2 rules, 3 TTPs, 1 CVE
A SQL injection vulnerability exists in SciTokens versions before 1.9.6, allowing attackers to execute arbitrary SQL commands via the KeyCache class by manipulating user-supplied data used in SQL query construction.
sql-injection
scitokens
cve-2026-32714
web-application