CVE-2026-49284

HIGH SEVERITY

CVSS Score & Metrics

Base Score: 7.1 / 10

Vulnerability Description

SimpleSAMLphp SP accepts a response from an unexpected IdP when unsigned `Response/InResponseTo` is combined with a signed assertion lacking `SubjectConfirmationData/InResponseTo`

Vulnerability Details

Published Date
Last Modified
Source: GitHub
Vendor: composer
Product: simplesamlphp/simplesamlphp

External References
