Path Traversal Vulnerability in SimpleSAMLphp-casserver by Simplesamlphp
CVE-2026-46491
8.6HIGH
What is CVE-2026-46491?
The SimpleSAMLphp-casserver, a CAS-compliant security module, is vulnerable to a path traversal attack that could allow a remote attacker to access sensitive files outside the designated ticket directory. This happens due to the method of building file paths by concatenating user-controlled ticket identifiers directly with the configured ticket directory. The vulnerability affects installations using the FileSystemTicketStore, where attackers can exploit this flaw to read and potentially delete files through crafted parameters passed to public ticket validation endpoints. An update to version 7.0.3 addresses this critical issue.
Affected Version(s)
simplesamlphp-module-casserver < 7.0.3
