Skip to main content

Suse CVE-2026-32725

| EUVDEUVD-2026-17561 HIGH
Relative Path Traversal (CWE-23)
2026-03-31 GitHub_M
8.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.3 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
SUSE
HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 06:10 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.4.1
EUVD ID Assigned
Mar 31, 2026 - 17:45 euvd
EUVD-2026-17561
Analysis Generated
Mar 31, 2026 - 17:45 vuln.today
CVE Published
Mar 31, 2026 - 17:01 nvd
HIGH 8.3

DescriptionGitHub Advisory

SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses ".." path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1.

AnalysisAI

Authorization bypass in scitokens-cpp library (all versions prior to 1.4.1) allows authenticated attackers to escape path-based scope restrictions via parent-directory traversal in token scope claims. The library incorrectly normalizes '..' components instead of rejecting them, enabling privilege escalation to access resources outside intended directories. EPSS data not provided, but the vulnerability is network-exploitable with low attack complexity (CVSS 8.3). No confirmed active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the fix commit is publicly documented.

Technical ContextAI

SciTokens is an authorization token framework used in scientific computing environments for fine-grained access control, particularly in distributed high-performance computing and data grid systems. The scitokens-cpp library (CPE: cpe:2.3:a:scitokens:scitokens-cpp) implements token validation and scope enforcement in C++. The vulnerability stems from CWE-23 (Relative Path Traversal) in the scope authorization logic. When validating path-based scope claims within tokens, the library performs path normalization that collapses parent-directory sequences ('..') rather than treating them as invalid input. This allows an attacker to craft a token with a scope like '/allowed/path/../../sensitive/' which normalizes to '/sensitive/', bypassing the intended '/allowed/path/' restriction. The flaw exists in the authorization check phase after token signature validation, meaning legitimate token holders can escalate their privileges beyond their assigned scope boundaries.

RemediationAI

Upgrade to scitokens-cpp version 1.4.1 or later, which addresses the path traversal vulnerability by properly rejecting parent-directory components in scope claims rather than normalizing them. The fix is documented in commit 7951ed809967d88c00c20de414b1ff74df8c3e08 available at https://github.com/scitokens/scitokens-cpp/commit/7951ed809967d88c00c20de414b1ff74df8c3e08. Organizations should inventory all systems using the scitokens-cpp library, prioritizing externally-accessible services and multi-tenant environments. As a temporary workaround pending upgrade, implement additional path validation at the application layer to reject tokens containing '..' sequences in scope claims, though this is defense-in-depth only and does not replace patching. Review audit logs for tokens with suspicious path patterns in scope claims to identify potential exploitation attempts. Consult the official GitHub security advisory at https://github.com/scitokens/scitokens-cpp/security/advisories/GHSA-rqcx-mc9w-pjxp for additional vendor guidance.

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2026-32725 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy