{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/scitokens/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-32716"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","scitokens","CVE-2026-32716"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSciTokens is a reference library for generating and using SciTokens. Versions prior to 1.9.6 are vulnerable to an authorization bypass. The vulnerability, identified as CVE-2026-32716, stems from incorrect validation of scope paths within the Enforcer component. Instead of matching on whole path components, the Enforcer uses a simple string prefix match (startswith). This flaw allows a token authorized for a specific path (e.g., \u003ccode\u003e/john\u003c/code\u003e) to also gain unauthorized access to sibling paths sharing the same…\u003c/p\u003e\n","date_modified":"2026-03-31T03:17:16Z","date_published":"2026-03-31T03:17:16Z","id":"/briefs/2026-04-scitokens-auth-bypass/","summary":"SciTokens versions prior to 1.9.6 incorrectly validate scope paths using a prefix match, leading to an authorization bypass vulnerability where a token with access to a specific path can access sibling paths with the same prefix.","title":"SciTokens Authorization Bypass Vulnerability (CVE-2026-32716)","url":"https://feed.craftedsignal.io/briefs/2026-04-scitokens-auth-bypass/"},{"_cs_actors":[],"_cs_cves":[{"cvss":8.1,"id":"CVE-2026-32727"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["scitokens","path-traversal","cve-2026-32727","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe SciTokens library, a reference implementation for generating and using SciTokens, is susceptible to a path traversal vulnerability affecting versions prior to 1.9.7. This vulnerability, identified as CVE-2026-32727, stems from the library\u0026rsquo;s Enforcer component. An attacker can exploit this flaw by crafting a malicious token containing a scope claim with \u0026ldquo;dot-dot\u0026rdquo; (..) sequences. These sequences allow the attacker to navigate outside the intended directory restriction, potentially accessing…\u003c/p\u003e\n","date_modified":"2026-03-31T03:15:57Z","date_published":"2026-03-31T03:15:57Z","id":"/briefs/2024-01-23-scitokens-path-traversal/","summary":"A path traversal vulnerability (CVE-2026-32727) in SciTokens library versions prior to 1.9.7 allows attackers to bypass intended directory restrictions using dot-dot sequences in the scope claim of a token due to improper path normalization.","title":"SciTokens Library Path Traversal Vulnerability (CVE-2026-32727)","url":"https://feed.craftedsignal.io/briefs/2024-01-23-scitokens-path-traversal/"},{"_cs_actors":[],"_cs_cves":[{"cvss":9.8,"id":"CVE-2026-32714"}],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["sql-injection","scitokens","cve-2026-32714","web-application"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eSciTokens is a reference library for generating and using SciTokens. A critical SQL injection vulnerability, identified as CVE-2026-32714, affects SciTokens versions prior to 1.9.6. The vulnerability resides within the \u003ccode\u003eKeyCache\u003c/code\u003e class, which improperly utilizes Python\u0026rsquo;s \u003ccode\u003estr.format()\u003c/code\u003e to construct SQL queries. This allows an attacker to inject arbitrary SQL commands by manipulating user-supplied data, such as the \u003ccode\u003eissuer\u003c/code\u003e and \u003ccode\u003ekey_id\u003c/code\u003e parameters, during interactions with the local SQLite…\u003c/p\u003e\n","date_modified":"2026-03-31T03:15:55Z","date_published":"2026-03-31T03:15:55Z","id":"/briefs/2026-03-scitokens-sqli/","summary":"A SQL injection vulnerability exists in SciTokens versions before 1.9.6, allowing attackers to execute arbitrary SQL commands via the KeyCache class by manipulating user-supplied data used in SQL query construction.","title":"SciTokens KeyCache SQL Injection Vulnerability (CVE-2026-32714)","url":"https://feed.craftedsignal.io/briefs/2026-03-scitokens-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — Scitokens","version":"https://jsonfeed.org/version/1.1"}
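The three briefs in this feed describe a string-prefix scope check (CVE-2026-32716), unnormalized dot-dot sequences in a scope path (CVE-2026-32727), and SQL built with str.format() in KeyCache (CVE-2026-32714). The Python below is an added example, not code from the SciTokens library or from CraftedSignal, that reproduces each defect beside a hardened form. The page does not say which path the Enforcer compared against which, so the path check is modelled generically as "is this path inside that directory"; the function names, the SQLite table layout and the sample key rows are assumptions made for the example.

```python
"""Added example, not SciTokens' own code.

Models the three defects the advisories above describe, each beside a
hardened form.  Function names, the table layout and the sample values are
illustrative assumptions, not taken from the library.
"""
import posixpath
import sqlite3


# --- 1 & 2. "Is this path inside that directory?" -------------------------
# Both the sibling-prefix bypass and the dot-dot traversal come from answering
# this question with a string comparison.  Any URL-decoding of the inputs must
# already have happened before either function is called.

def path_within_vulnerable(base: str, path: str) -> bool:
    """String prefix, as the advisories describe: /john "contains" /johnny,
    and ".." is never resolved."""
    return path.startswith(base)


def path_within(base: str, path: str) -> bool:
    """True only if `path` is `base` itself or lies beneath it.

    Both inputs must be absolute (a relative path has no anchor to check).
    posixpath.normpath collapses '.', '..' and repeated slashes, so
    /john/../alice becomes /alice before the comparison.  Comparing the
    component lists forces the prefix to end on a '/' boundary: ['john'] is
    a prefix of ['john', 'data'] but not of ['johnny'].
    """
    if not (base.startswith("/") and path.startswith("/")):
        return False
    base_parts = [p for p in posixpath.normpath(base).split("/") if p]
    path_parts = [p for p in posixpath.normpath(path).split("/") if p]
    return path_parts[: len(base_parts)] == base_parts


# --- 3. KeyCache-style lookup: str.format vs. a parameterized query ---------

SCHEMA = "CREATE TABLE keycache (issuer TEXT, key_id TEXT, key_data TEXT)"

# Constructed sample rows standing in for two issuers' cached public keys.
SAMPLE_KEYS = [
    ("https://issuer-a.example", "kid-a1", "PUBKEY-A1"),
    ("https://issuer-b.example", "kid-b1", "PUBKEY-B1"),
]


def make_cache() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO keycache VALUES (?, ?, ?)", SAMPLE_KEYS)
    return conn


def lookup_key_vulnerable(conn, issuer: str, key_id: str) -> list:
    """str.format splices the values into the SQL text, so a quote in
    issuer or key_id (when verifying a token, these come from its not yet
    verified `iss` claim and `kid` header) rewrites the query's structure."""
    query = ("SELECT key_data FROM keycache "
             "WHERE issuer = '{}' AND key_id = '{}'").format(issuer, key_id)
    return [row[0] for row in conn.execute(query)]


def lookup_key(conn, issuer: str, key_id: str) -> list:
    """Parameterized: the driver binds the values, so they can never be SQL."""
    query = "SELECT key_data FROM keycache WHERE issuer = ? AND key_id = ?"
    return [row[0] for row in conn.execute(query, (issuer, key_id))]


def demo() -> dict:
    """Exercise every case once and return the outcomes for checking."""
    conn = make_cache()
    tautology = "' OR '1'='1"  # closes the quoted literal, then always true
    results = {
        # sibling path sharing the same string prefix
        "prefix_vuln": path_within_vulnerable("/john", "/johnny/secret"),
        "prefix_safe": path_within("/john", "/johnny/secret"),
        # dot-dot sequence escaping the granted directory
        "dotdot_vuln": path_within_vulnerable("/john", "/john/../alice/secret"),
        "dotdot_safe": path_within("/john", "/john/../alice/secret"),
        # the legitimate case must still be allowed
        "legit_safe": path_within("/john", "/john/data/file.root"),
        # injected key_id returns every cached key vs. nothing
        "sqli_vuln": lookup_key_vulnerable(conn, "https://issuer-a.example", tautology),
        "sqli_safe": lookup_key(conn, "https://issuer-a.example", tautology),
        "sqli_legit": lookup_key(conn, "https://issuer-a.example", "kid-a1"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:12} {value}")
```

Running the file prints one line per case: the two vulnerable path checks return True for /johnny/secret and /john/../alice/secret, the component-based check returns False for both and True for /john/data/file.root, and the format-string lookup hands back both issuers' keys for an injected key_id while the parameterized lookup returns nothing. Per the briefs above, the fixed releases are 1.9.6 for the prefix-match and SQL injection issues and 1.9.7 for the path traversal, so 1.9.7 or later covers all three.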