SAML Implementation Vulnerability in Admidio User Management Solution
CVE-2026-41669

8.2HIGH

Key Information:

Vendor: Admidio
Status: Admidio
Vendor: CVE Published:; 7 May 2026

What is CVE-2026-41669?

Admidio, an open-source user management solution, has a vulnerability in its SAML Identity Provider implementation prior to version 5.0.9. This flaw arises from the failure to properly validate SAML AuthnRequests and LogoutRequests, allowing unsigned or improperly signed requests to be processed without appropriate checks. The validateSignature() method, designed to throw exceptions on errors, incorrectly discards return values, which means that the smc_require_auth_signed configuration setting becomes ineffective. This poses a significant risk as it enables the system to inadvertently accept invalid signatures, compromising the integrity of user authentication processes. A fix has been implemented in version 5.0.9 to address this issue.

Affected Version(s)

admidio < 5.0.9

References

https://github.com/Admidio/admidio/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/Admidio/admidio/releases/tag/v5.0.9

x_refsource_MISC

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Apr 22, 2026

CVE-2026-41669 Data

JSON