Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

samlify

Source -

CNANVD

CNA CVEs -

2

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2026-46490
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.38% / 29.97%
||
7 Day CHG+0.06%
Published-08 Jun, 2026 | 18:41
Updated-09 Jun, 2026 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new <saml:Attribute> elements inside the signed assertion. The IdP then signs the tampered assertion and the SP accepts the injected attributes as trusted. This allows privilege escalation when attributes are used for authorization (roles/groups). This issue has been patched in version 2.13.0.

Action-Not Available
Vendor-samlify_projecttngan
Product-samlifysamlify
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2025-47949
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.47% / 37.09%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 19:28
Updated-19 Sep, 2025 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Action-Not Available
Vendor-samlify_projecttngan
Product-samlifysamlify
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2017-1000452
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.38% / 68.60%
||
7 Day CHG~0.00%
Published-02 Jan, 2018 | 17:00
Updated-17 Sep, 2024 | 04:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.

Action-Not Available
Vendor-samlify_projectn/a
Product-samlifyn/a
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)