ByteOS Network

tngan

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2026-46490

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-8.7||HIGH

EPSS-0.38% / 29.97%

7 Day CHG+0.06%

Published-08 Jun, 2026 | 18:41

Updated-09 Jun, 2026 | 16:48

samlify: XML Injection in AttributeValue Allows Privilege Escalation in Signed SAML Assertions

samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:AttributeValue>) are not escaped. A normal user can inject XML markup into an attribute value (e.g., email, name) and add new <saml:Attribute> elements inside the signed assertion. The IdP then signs the tampered assertion and the SP accepts the injected attributes as trusted. This allows privilege escalation when attributes are used for authorization (roles/groups). This issue has been patched in version 2.13.0.

Vendor-samlify_project tngan

Product-samlify samlify

CWE ID-CWE-91

XML Injection (aka Blind XPath Injection)

CVE-2025-47949

Assigner-GitHub, Inc.

View Details

Assigner-GitHub, Inc.

CVSS Score-9.9||CRITICAL

EPSS-0.47% / 37.09%

7 Day CHG~0.00%

Published-19 May, 2025 | 19:28

Updated-19 Sep, 2025 | 17:32

samlify SAML Signature Wrapping attack

samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue.

Vendor-samlify_project tngan

Product-samlify samlify

CWE ID-CWE-347

Improper Verification of Cryptographic Signature