CVE-2026-49284
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.1 / 10
Vulnerability Description
SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`
Vulnerability Details
Published Date
Last Modified
Source
GitHub
Vendor
composer
Product
simplesamlphp/simplesamlphp
Discussion (0)
Add Comment
No comments yet. Be the first!