SAML Injection Vulnerability in samlify Library by TNGan
CVE-2026-46490
What is CVE-2026-46490?
The samlify library, used for SAML single sign-on in Node.js applications, is susceptible to an injection vulnerability in versions prior to 2.13.0. The library's template substitution mechanism does not properly escape values inserted into XML element text, so an attacker can inject XML markup through attribute values. As a result, an ordinary user can manipulate attributes (e.g., email, name) to embed unauthorized saml:Attribute elements within a signed assertion. When the Identity Provider (IdP) signs this compromised assertion, the Service Provider (SP) may accept the tampered attributes as legitimate. This can lead to privilege escalation whenever these attributes are used for authorization. The vulnerability was fixed in version 2.13.0.
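The unescaped-substitution pattern described above, next to an escaped variant, as an added example that is not samlify's code and not the advisory's PoC. The template, placeholder syntax, function names and sample value are assumptions constructed for illustration.

```javascript
// Added illustration of the bug class; NOT samlify's implementation.
// Template, {placeholder} syntax and helper names are hypothetical.
const TEMPLATE =
  '<saml:AttributeStatement>' +
  '<saml:Attribute Name="email">' +
  '<saml:AttributeValue>{email}</saml:AttributeValue>' +
  '</saml:Attribute>' +
  '</saml:AttributeStatement>';

// Replace {key} placeholders, passing each value through `encode` first.
function fill(template, values, encode) {
  return template.replace(/\{(\w+)\}/g, (match, key) =>
    Object.prototype.hasOwnProperty.call(values, key)
      ? encode(String(values[key]))
      : match);
}

// Escape the characters that are significant in XML text and attributes.
// '&' must be handled first so the other entities are not double-escaped.
function escapeXmlText(value) {
  return value
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&apos;');
}

// Vulnerable pattern: the value reaches the XML unchanged.
const fillRaw = (tpl, values) => fill(tpl, values, (v) => v);
// Hardened pattern: the value can only ever be character data.
const fillEscaped = (tpl, values) => fill(tpl, values, escapeXmlText);

// Count <saml:Attribute ...> start tags (not AttributeValue/AttributeStatement).
function countAttributes(xml) {
  return (xml.match(/<saml:Attribute\s/g) || []).length;
}

// Constructed sample: a user-editable profile field that contains markup.
const SAMPLE_VALUE =
  'user@example.test</saml:AttributeValue></saml:Attribute>' +
  '<saml:Attribute Name="role"><saml:AttributeValue>admin';

console.log('raw     :', countAttributes(fillRaw(TEMPLATE, { email: SAMPLE_VALUE })));
console.log('escaped :', countAttributes(fillEscaped(TEMPLATE, { email: SAMPLE_VALUE })));
```

With raw substitution the assertion the IdP would sign contains an extra attribute element; with escaping the same value stays inside a single AttributeValue as text.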
Affected Version(s)
samlify < 2.13.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
- Vulnerability published
- Vulnerability Reserved
