CVE-2026-5343 (GCVE-0-2026-5343)
Vulnerability from cvelistv5 – Published: 2026-05-28 22:48 – Updated: 2026-05-29 18:38
VLAI
Title
SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031
Summary
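Improper Check for Unusual or Exceptional Conditions vulnerability (CWE-754) in the Drupal module SAML SSO - Service Provider (project miniorange_saml) allows Privilege Escalation; the advisory title classes it as an authentication bypass.
This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4, so 3.1.4 is the first fixed release. The NVD configuration embedded in this record lists 3.0.1 up to (excluding) 3.1.4 and also enumerates the 7.x-1.x, 7.x-2.x, 8.x-1.x and 8.x-2.x releases as vulnerable, so installs on those older branches should be checked as well as the semver range.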
Severity
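7.4 (High) – CVSS 3.1 base score (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N) supplied by the CISA-ADP container, not by the CNA. The "Critical" in the title appears to be the Drupal advisory's own risk rating rather than a CVSS severity.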
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Drupal | SAML SSO - Service Provider |
Affected:
0.0.0 , < 3.1.4
(semver)
|
Date Public
2026-04-01 16:38
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2026-5343",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-29T18:38:28.307589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-29T18:38:36.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://www.drupal.org/project/miniorange_saml",
"defaultStatus": "unaffected",
"product": "SAML SSO - Service Provider",
"repo": "https://git.drupalcode.org/project/miniorange_saml",
"vendor": "Drupal",
"versions": [
{
"lessThan": "3.1.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tim de Jong | Freelance Drupal Developer (tim_dj)"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Sudhanshu Dhage (sudhanshu0542)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Damien McKenna (damienmckenna)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Greg Knaddison (greggles)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Juraj Nemec (poker10)"
},
{
"lang": "en",
"type": "coordinator",
"value": "Jess (xjm)"
}
],
"datePublic": "2026-04-01T16:38:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\u003cp\u003eThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\n\nThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T22:48:47.591Z",
"orgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"shortName": "drupal"
},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2026-031"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "2c85b837-eb8b-40ed-9d74-228c62987387",
"assignerShortName": "drupal",
"cveId": "CVE-2026-5343",
"datePublished": "2026-05-28T22:48:47.591Z",
"dateReserved": "2026-04-01T15:41:53.003Z",
"dateUpdated": "2026-05-29T18:38:36.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-5343",
"date": "2026-06-01",
"epss": "0.00031",
"percentile": "0.09365"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-5343\",\"sourceIdentifier\":\"mlhess@drupal.org\",\"published\":\"2026-05-28T23:16:44.520\",\"lastModified\":\"2026-06-01T17:29:21.430\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\\n\\nThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"mlhess@drupal.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:*:*:*:*:*:drupal:*:*\",\"versionStartIncluding\":\"3.0.1\",\"versionEndExcluding\":\"3.1.4\",\"matchCriteriaId\":\"C6F52B9A-3CFE-466F-A234-164246498A37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.0:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"84285C85-DA43-4E22-B037-E386D9F1278B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.1:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"A217C5B5-0FD8-4AD1-932A-EACD0392F6A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.2:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"AE11E8A3-B5BB-4937-8B57-630E64E4
2AE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.3:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"D23AA5C4-A6AE-4AA2-82B8-DF3AA0FF04D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.4:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"DF86737D-3CAD-44E9-B071-E81C7FC1CF01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.5:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"C2E647DD-FCF7-4E66-822B-8B80010C5D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.6:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"9078C79B-5A2F-4A7C-A8D5-3DB9496BD935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.7:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"2C7BD10D-4D5A-4570-893A-6ED20A6D0901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.8:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"8AECFEA3-9D8C-4255-9B51-E352620F1EA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.9:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"D447F116-3078-4C45-B2DE-2CE1AF527EAB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.91:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"5B610F53-4CA8-4871-ABB6-748924CAAADB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.92:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"A5709CAD-064C-4E3D-9851-F2B5659AB779\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.93:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"B6C89604-FC97-42B2-9768-E9CA843303C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.94:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"81AB4FDD-0AB7-4ADA-BE5D-29DAFA89AED8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:minior
ange:saml_sso_-_service_provider:7.x-1.95:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"9158E6F7-B368-4D4D-941D-24FE1CF4C469\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.96:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"55E46423-A251-46BC-8390-E9B96B0C9999\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.97:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"9116503B-159E-45CE-AC5B-9DCC6FBA2F55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.98:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"BCE0965A-307A-481F-AE89-3D59ACB89587\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.99:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"BAD4936D-A79B-4C0D-AC57-05A6CB550368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.991:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"0DB94412-B773-46DD-A30A-B17B18279FF9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.992:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"740A7FA8-562D-4F1E-A88F-0425B15C96B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.993:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"A499A397-6C64-45E4-AE5E-4EB8E70AC0F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.994:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"BEDB2E6B-66E4-4C56-B838-E67070C3E415\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-1.995:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"4A0528F0-9033-4E86-92EF-AEC3CFBEBE4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.0:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"407D66FF-2DAA-4508-BEBC-381E689E9584\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.1:*:*:*:*:
drupal:*:*\",\"matchCriteriaId\":\"B054CF40-DBE3-4D24-BF0D-DCDD6A398493\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.2:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"30136A1D-2253-46E5-9487-2CC862854AFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.3:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"F445C5E5-8EE3-4169-AD4B-DAD3F4CF2F5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.4:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"47613A3A-88F5-40D0-B601-67F28C2FA6FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.5:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"853ECB89-56FE-47EB-97A9-F0F3D45DEB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.51:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"83B7C3E3-362B-48A2-9529-38B4A5A30383\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.52:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"98F5FE3F-446F-44D4-8A9C-254C425F7B9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.53:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"FE593D34-2523-443F-884F-AB9F70BDA8B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.54:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"58AB1D59-B200-4A40-81B8-93DABFADE728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.55:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"BDF488FE-0D7F-4FC3-AACA-C3EBA95467BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.56:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"69BF5026-7266-4DE8-8C3D-2DD587E94F83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.60:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"8FB34EA2-CEE6-4BCD-8CA
0-1ACE01303972\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.61:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"1CD65BCA-FA32-4B29-8ABC-DDD6E5F5F983\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.70:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"D622AC8B-9C93-4980-9ED7-FB44AB85D053\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.71:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"63130FF1-60A0-4A9F-ACED-749E30E150AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:7.x-2.72:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"86DAA1E4-A7C4-4E8D-BAAC-EA29D0830645\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.0:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"624524CC-7E86-4399-9D07-42A62B8DE86E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.1:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"0261A511-1FE4-4FED-A585-008D30B14BD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.2:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"8843F860-4870-4401-89E4-EF3B03C1FC76\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.3:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"AA1F8D0E-1456-4F72-9A23-D9694472F6CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.4:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"CB400C08-920F-4164-B370-17731952492B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.5:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"EF010763-BC6C-4FC7-BD4E-972520493670\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.6:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"90079A7B-4EA8-4E92-A9E7-EE083D064D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.
3:a:miniorange:saml_sso_-_service_provider:8.x-1.7:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"5B9FBE9C-AB62-43C8-8909-B028E9906031\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.8:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"9B46E4C7-3C88-46D3-9DAA-47AD4C93491C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.9:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"1982052F-853F-444D-A00E-D80A40048CA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.10:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"72204C78-006C-4E3B-850D-FB752D82F8A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.11:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"50CFB922-DE38-483D-899E-57E068BE2907\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.12:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"F7082734-DCE0-4E86-BB04-D564FE389E9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.121:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"E13D9239-F933-4551-A75E-E8B27B3F6E19\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-1.122:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"8C9F4CC7-8E97-4760-94F7-F958AB1757F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.0:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"99FA10EB-189D-463B-A3F5-DC9696ACAC02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.1:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"BDDF6A07-C809-42FB-8F0D-309AB75E878A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.11:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"2522FA4B-CE2A-4400-ACFA-9149B2C761FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.12:*:*:
*:*:drupal:*:*\",\"matchCriteriaId\":\"ACAF856A-7A89-4F4C-BABA-438294EDD065\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.13:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"E63DEF35-CE9F-4FAF-B120-1C3E798BA839\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.14:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"2340C0C5-F37A-4412-8571-CECAC5A8FEA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.15:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"065C2669-52AB-4852-92B6-EF79E3CDB75B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.16:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"CC0025F1-3A5E-44BD-A7B2-5603A5AAC751\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.17:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"F9822AF6-0821-45C9-BAB5-E0A33A525857\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.18:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"9D363A34-FB03-4B57-BD85-761986741353\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.19:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"FB3F72BF-5BD2-48BF-B42E-2FF9E649C22E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.20:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"3BC649B6-F649-4C99-9737-4DDFF07734DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.21:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"3158F7E5-2657-4842-A255-DE7899FE387D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.22:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"B2656DB3-7F25-484B-9F78-FE9A00619DC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.23:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"AC3A9AF8-538D-
4E86-BDFB-4517A531AA92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.24:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"0931AC5F-8D6E-426E-B7CC-B00B490AB305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.25:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"280E6981-783C-4395-9A37-1D82A617B78B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.26:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"8ED53809-CB59-403B-B0A5-CB6985AC64EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.27:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"EB67935B-EB59-4EB1-849B-0DAA9C71A6D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:miniorange:saml_sso_-_service_provider:8.x-2.28:*:*:*:*:drupal:*:*\",\"matchCriteriaId\":\"0DC0D68D-893F-47B9-9AC8-1109ED5F524B\"}]}]}],\"references\":[{\"url\":\"https://www.drupal.org/sa-contrib-2026-031\",\"source\":\"mlhess@drupal.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-5343\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-05-29T18:38:28.307589Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-05-29T18:38:20.656Z\"}}], \"cna\": {\"title\": \"SAML SSO - Service Provider - Critical - Authentication bypass - SA-CONTRIB-2026-031\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Tim de Jong | Freelance Drupal Developer (tim_dj)\"}, {\"lang\": \"en\", \"type\": \"remediation developer\", \"value\": \"Sudhanshu Dhage (sudhanshu0542)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Damien McKenna (damienmckenna)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Greg Knaddison (greggles)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Juraj Nemec (poker10)\"}, {\"lang\": \"en\", \"type\": \"coordinator\", \"value\": \"Jess (xjm)\"}], \"impacts\": [{\"capecId\": \"CAPEC-233\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-233 Privilege Escalation\"}]}], \"affected\": [{\"repo\": \"https://git.drupalcode.org/project/miniorange_saml\", \"vendor\": \"Drupal\", \"product\": \"SAML SSO - Service Provider\", \"versions\": [{\"status\": \"affected\", \"version\": 
\"0.0.0\", \"lessThan\": \"3.1.4\", \"versionType\": \"semver\"}], \"collectionURL\": \"https://www.drupal.org/project/miniorange_saml\", \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2026-04-01T16:38:00.000Z\", \"references\": [{\"url\": \"https://www.drupal.org/sa-contrib-2026-031\"}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.2\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\\n\\nThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation.\u003cp\u003eThis issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754 Improper Check for Unusual or Exceptional Conditions\"}]}], \"providerMetadata\": {\"orgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"shortName\": \"drupal\", \"dateUpdated\": \"2026-05-28T22:48:47.591Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-5343\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-29T18:38:36.072Z\", \"dateReserved\": \"2026-04-01T15:41:53.003Z\", \"assignerOrgId\": \"2c85b837-eb8b-40ed-9d74-228c62987387\", \"datePublished\": \"2026-05-28T22:48:47.591Z\", \"assignerShortName\": \"drupal\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.