simplesamlphp/saml2 Security Advisories for v1.19.3 (4)
-
[HIGH] SimpleSAMLphp has Possible DoS via XPath Transform
PKSA-1fc7-xrz7-vw78 CVE-2026-49289 GHSA-5cjr-mxj5-wmrx
Affected version: <=4.20.2
Reported by:
GitHub -
[HIGH] SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass
PKSA-yk3g-3g3t-ts6q CVE-2026-49283 GHSA-6929-8p9f-26jx
Affected version: <4.20.2|>=5.0.0,<5.0.6|>=6.0.0,<6.2.1
Reported by:
GitHub -
[HIGH] The SimpleSAMLphp SAML2 library incorrectly verifies signatures for HTTP-Redirect binding
PKSA-rxdv-j1j4-96fj CVE-2025-27773 GHSA-46r4-f8gj-xg56
Affected version: <=4.16.15|>=5.0.0-alpha.1,<=5.0.0-alpha.19
Reported by:
GitHub -
[MEDIUM] SimpleSAMLphp SAML2 has an XXE in parsing SAML messages
PKSA-1983-c8jn-trgm CVE-2024-52806 GHSA-pxm4-r5ph-q2m2
Affected version: <4.6.14
Reported by:
GitHub