Path Traversal Vulnerability in SimpleSAMLphp-casserver by Simplesamlphp
CVE-2026-46491

8.6HIGH

Key Information:

Vendor
CVE Published:
9 June 2026

What is CVE-2026-46491?

The SimpleSAMLphp-casserver, a CAS-compliant security module, is vulnerable to a path traversal attack that could allow a remote attacker to access sensitive files outside the designated ticket directory. This happens due to the method of building file paths by concatenating user-controlled ticket identifiers directly with the configured ticket directory. The vulnerability affects installations using the FileSystemTicketStore, where attackers can exploit this flaw to read and potentially delete files through crafted parameters passed to public ticket validation endpoints. An update to version 7.0.3 addresses this critical issue.

Affected Version(s)

simplesamlphp-module-casserver < 7.0.3

References

CVSS V3.1

Score:
8.6
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.