[HIGH] simplesamlphp/xml-security: Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

PKSA-sxbn-dpg6-6ng9 CVE-2026-32600 GHSA-r353-4845-pr5p

Affected package: simplesamlphp/xml-security

Affected version: <2.3.1

Reported by:
GitHub