Skip to content
Threat Feed

Vendor

SimpleSAMLphp

3 briefs RSS
high advisory

SimpleSAMLphp HTTP-Artifact Authentication Bypass via TLS Validator Confusion (CVE-2026-49283)

A critical vulnerability (CVE-2026-49283) in SimpleSAMLphp's HTTP-Artifact receive path allows a malicious or lower-trust Identity Provider (IdP) to bypass authentication and impersonate users from a higher-trust IdP by leveraging a flaw where `SOAPClient::validateSSL()` fails to properly validate TLS public keys for unsigned SAML Responses.

SimpleSAMLphp SAML2 +3 vulnerability saml authentication-bypass identity-federation
1t
medium advisory

SimpleSAMLphp Vulnerable to Denial-of-Service via Malicious XPath Transform

SimpleSAMLphp and its SAML2 library are vulnerable to CVE-2026-49289, allowing attackers to perform a Denial-of-Service attack by sending specially crafted SAML messages containing XPath transforms, leading to resource exhaustion and service unavailability.

composer/simplesamlphp/saml2 <= 4.20.2 +1 denial-of-service vulnerability saml php
1t
high advisory

SimpleSAMLphp SP IdP Bypass Vulnerability (CVE-2026-49284)

SimpleSAMLphp's Service Provider (SP) does not properly enforce the expected Identity Provider (IdP) for an SP-initiated login when a response from a different IdP is received, allowing an attacker to exploit CVE-2026-49284 in multi-IdP deployments to bypass authentication and authorization controls by substituting a lower-trust IdP's response for a higher-trust one, potentially gaining unauthorized access or elevating privileges if application authorization relies on the specific IdP used.

simplesamlphp +1 saml vulnerability web-application authentication-bypass authorization-bypass
3t